[
https://issues.apache.org/jira/browse/TS-4043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15032334#comment-15032334
]
Alan M. Carroll edited comment on TS-4043 at 11/30/15 7:49 PM:
---------------------------------------------------------------
I didn't realize URIs with IPv6 addresses required the brackets, we'll have to
add that and allow '%' for URI encoding. I did find this
bq. [this specification] delegates the issue of registered name syntax
conformance to the operating system of each application performing URI
resolution, and that operating system decides what it will allow for the
purpose of host identification
I read that as permitting ATS to restrict the permitted characters to the DNS
character set for host names.
was (Author: amc):
I didn't realize URIs with IPv6 addresses required the brackets, we'll have to
add that and allow '%' for URI encoding. I did find this
bq. [this specification] delegates the issue of registered name syntax
conformance to the
operating system of each application performing URI resolution, and
that operating system decides what it will allow for the purpose of
host identification
I read that as permitting ATS to restrict the permitted characters to the DNS
character set for host names.
> Prevent bogus FQDN characters in host header
> --------------------------------------------
>
> Key: TS-4043
> URL: https://issues.apache.org/jira/browse/TS-4043
> Project: Traffic Server
> Issue Type: Bug
> Components: Security
> Reporter: Daniel Xu
> Assignee: Leif Hedstrom
> Fix For: 6.1.0
>
>
> Currently ATS isn't checking if a character is valid before letting it in as
> a hostname.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
