Opened 11 years ago
Closed 11 years ago
#333 closed defect (duplicate)
Headerless GET reply with un-escaped URLs containing ' H'
Reported by: | Mohammad Alsaleh | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.2.x |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: |
nginx version: nginx/1.2.8
TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/sbin/nginx --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_realip_module --with-http_ssl_module --with-http_stub_status_module --add-module=/usr/lib/passenger/ext/nginx |
Description
NGINX seems to handle un-escaped URLs. But If the URL contains ' H' in its path. nginx sends a headerless reply with this html code:
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.2.7</center>
</body>
</html>
This behavior is inconsistent. NGINX should either refuse all un-escaped URLs with proper reply codes (not just an error message embedded in html). Or support them all.
Note:
See TracTickets
for help on using tickets.
Duplicate of #196.