https://bz.apache.org/bugzilla/show_bug.cgi?id=60704
Bug ID: 60704
Summary: Setting "HttpProtocolOptions Unsafe ..." does not
allow Host Header containing "_"
Product: Apache httpd-2
Version: 2.2.31
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hi,
actually this bug report affects 2.2.32, but this version is not available in
"Version" dropdown.
In a server to server communication we (accidently) are using hostnames
containing the underline character. With default settings apache 2.2.32 is
refusing to process requests with such hostnames and fails with a http status
400, bad request.
In my understanding the HttpProcotolOptions directive has been introduced to
bring back the legacy behaviour. In my case with hostnames containing underline
characters, this does not work. Requests are declined as "400 Bad Request",
though I set "HttpProtocolOptions Unsafe LenientMethods Allow0.9".
To reproduce start apache 2.2.32 with:
"HttpProtocolOptions Unsafe LenientMethods Allow0.9"
Run the following command:
curl -v -H "Host: bad_request_hostname" http://127.0.0.1/
It returns:
HTTP/1.1 400 Bad Request
With apache 2.4.25 the host header containing underlines is processed
correctly, if HttpProtocolOptions is set to Unsafe.
Best regards,
Michael
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
