https://bz.apache.org/bugzilla/show_bug.cgi?id=60704
Bug ID: 60704 Summary: Setting "HttpProtocolOptions Unsafe ..." does not allow Host Header containing "_" Product: Apache httpd-2 Version: 2.2.31 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Core Assignee: bugs@httpd.apache.org Reporter: m.be...@enbw.com Target Milestone: --- Hi, actually this bug report affects 2.2.32, but this version is not available in "Version" dropdown. In a server to server communication we (accidently) are using hostnames containing the underline character. With default settings apache 2.2.32 is refusing to process requests with such hostnames and fails with a http status 400, bad request. In my understanding the HttpProcotolOptions directive has been introduced to bring back the legacy behaviour. In my case with hostnames containing underline characters, this does not work. Requests are declined as "400 Bad Request", though I set "HttpProtocolOptions Unsafe LenientMethods Allow0.9". To reproduce start apache 2.2.32 with: "HttpProtocolOptions Unsafe LenientMethods Allow0.9" Run the following command: curl -v -H "Host: bad_request_hostname" http://127.0.0.1/ It returns: HTTP/1.1 400 Bad Request With apache 2.4.25 the host header containing underlines is processed correctly, if HttpProtocolOptions is set to Unsafe. Best regards, Michael -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org