Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Maxim Dounin
December 25, 2018 10:44AM
Hello!

On Mon, Dec 24, 2018 at 01:47:36PM -0800, Terence Honles wrote:

> Yes, the regex will fail for IPv future literals, but I don't believe they are
> being used in practice. When they are, I'm sure the Django project will
> welcome the change to the RegEx.

Sure. The point is that there is no difference between perfectly
valid and invalid literals. Django will complain if it sees
anything it doesn't understand (and that's perfectly fine,
actually).

> As for the configuration you proposed, we are already using that (with a 444
> instead of 404), but the IP literal will still pass through because it is a
> valid match (but an invalid hostname according to RFC 3986).

With the configuration I proposed, names you haven't explicitly
configured with the "server_name" directive will not be sent to
backends. And if you've explicitly configured an invalid name, I
don't see why nginx should refuse doing what it was explicitly
told to do.

Most likely, you've instead configured nginx to pass everything to
Django, and this is what causes errors in your setup. Consider
switching to a more restricted configuration.

Happy holidays.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 204 December 16, 2018 10:20PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Maxim Dounin 52 December 17, 2018 11:18AM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 52 December 21, 2018 03:00PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Maxim Dounin 66 December 24, 2018 08:00AM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 51 December 24, 2018 04:48PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 53 December 24, 2018 05:12PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Maxim Dounin 68 December 25, 2018 10:44AM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 42 February 25, 2019 03:48PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 84
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready