Leseratte10 Wrote:
-------------------------------------------------------
> As a response to ticket https://trac.nginx.org/nginx/ticket/1724,
> Nginx 1.17.9 and newer ( https://hg.nginx.org/nginx/rev/4f18393a1d51 )
> no longer accept HTTP requests with more than one "Host" header due to
> an additional condition in ngx_http_process_host.
> https://supertennisracquet.com/how-does-tennis-score-work/
> That change "broke" my server, as that server is being accessed by an
> old piece of hardware that seems to have a similar issue as the
> Motorola phones the hack was originally introduced for. It doesn't
> send two different hostnames, but instead sends the same one twice
> (two seperate, identical Host headers).
>
> Looking both through the documentation and through the Nginx source
> code, I found no way to relax that check, so I had to download the
> nginx source code, revert that one commit, and compile it myself. But
> that's not an ideal solution as it makes it way more difficult to keep
> nginx up-to-date, I'd rather just use my distribution's nginx
> package.
>
> Would it be possible to add a config file option to bring back the old
> behaviour, allowing duplicate host headers again? I see why this
> change was introduced (as multiple Host headers can cause a bunch of
> issues), but as long as it's disabled by default there should be no
> harm in having a configuration option that allows multiple headers,
> right?
Thanks for sharing
