Package: lighttpd
Version: 1.4.53-4
Severity: normal

Dear Maintainer,

Hello!

The lighttpd server returns "400 Bad Request" if %C0 (or any other char.) is included in the URL.

For example,
  http://localhost/index.lighttpd.html     : returns OK (displays index page)
  http://localhost/index.lighttpd.html?%C0 : 400 Bad Request
  http://localhost/index.lighttpd.html?%C1 : 400 Bad Request
  http://localhost/index.lighttpd.html?%C2 : OK

I can't understand this behavior.

Thank you very much.

OHNO, Tetsuji

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lighttpd depends on:
ii  libattr1      1:2.4.48-4
ii  libbz2-1.0    1.0.6-9.1
ii  libc6         2.28-10
ii  libfam0       2.7.0-17.3
ii  libpcre3      2:8.39-12
ii  libssl1.1     1.1.1c-1
ii  lsb-base      10.2019051400
ii  mime-support  3.62
ii  zlib1g        1:1.2.11.dfsg-1

Versions of packages lighttpd recommends:
ii  lighttpd-modules-ldap   1.4.53-4
ii  lighttpd-modules-mysql  1.4.53-4
ii  perl                    5.28.1-6
ii  spawn-fcgi              1.6.4-2

Versions of packages lighttpd suggests:
pn  apache2-utils  <none>
pn  lighttpd-doc   <none>
ii  openssl        1.1.1c-1
pn  php-cgi        <none>
pn  rrdtool        <none>

-- Configuration Files:
/etc/lighttpd/lighttpd.conf changed:
$HTTP["host"] == "10.0.0.1" {
  userdir.path = "public_html"
  userdir.exclude-user = ( "root", "postmaster" )
}
server.modules = (
  "mod_indexfile",
  "mod_access",
  "mod_alias",
  "mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 6080
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
server.modules += (
  "mod_compress",
  "mod_dirlisting",
  "mod_staticfile",
)

-- no debconf information