Opened 7 years ago

Closed 7 years ago

#333 closed defect (duplicate)

Headerless GET reply with un-escaped URLs containing ' H'

Reported by: Mohammad Alsaleh Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.2.x
Keywords: Cc:
uname -a:
nginx -V: nginx version: nginx/1.2.8
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/sbin/nginx --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_realip_module --with-http_ssl_module --with-http_stub_status_module --add-module=/usr/lib/passenger/ext/nginx

Description

NGINX seems to handle un-escaped URLs. But If the URL contains ' H' in its path. nginx sends a headerless reply with this html code:

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.2.7</center>
</body>
</html>

This behavior is inconsistent. NGINX should either refuse all un-escaped URLs with proper reply codes (not just an error message embedded in html). Or support them all.

Change History (1)

comment:1 by Maxim Dounin, 7 years ago

Resolution: duplicate
Status: newclosed

Duplicate of #196.

Note: See TracTickets for help on using tickets.