Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles
February 25, 2019 03:48PM
I followed up on this, and it is only happening via HTTPs which does not have
the "host guard". When added it performed as expected, Thanks.

On Tue, Dec 25, 2018 at 7:42 AM Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> Hello!
>
> On Mon, Dec 24, 2018 at 01:47:36PM -0800, Terence Honles wrote:
>
> > Yes, the regex will fail for IPv future literals, but I don't believe they are
> > being used in practice. When they are, I'm sure the Django project will
> > welcome the change to the RegEx.
>
> Sure. The point is that there is no difference between perfectly
> valid and invalid literals. Django will complain if it sees
> anything it doesn't understand (and that's perfectly fine,
> actually).
>
> > As for the configuration you proposed, we are already using that (with a 444
> > instead of 404), but the IP literal will still pass through because it is a
> > valid match (but an invalid hostname according to RFC 3986).
>
> With the configuration I proposed, names you haven't explicitly
> configured with the "server_name" directive will not be sent to
> backends. And if you've explicitly configured an invalid name, I
> don't see why nginx should refuse doing what it was explicitly
> told to do.
>
> Most likely, you've instead configured nginx to pass everything to
> Django, and this is what causes errors in your setup. Consider
> switching to a more restricted configuration.
>
> Happy holidays.
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 206 December 16, 2018 10:20PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Maxim Dounin 52 December 17, 2018 11:18AM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 52 December 21, 2018 03:00PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Maxim Dounin 66 December 24, 2018 08:00AM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 52 December 24, 2018 04:48PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 53 December 24, 2018 05:12PM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Maxim Dounin 69 December 25, 2018 10:44AM

Re: [PATCH] better constrain IP-literal validation in ngx_http_validate_host()

Terence Honles 42 February 25, 2019 03:48PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 97
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready