Welcome! Log In Create A New Profile

Re: [patch] reject http header without colon (:) in the header name

Forum List Message List New Topic Print View

Ben Kallus

May 07, 2024 06:00PM

Nginx is the only widely-used HTTP server that ignores invalid
field-lines. This behavior makes it trivial to fingerprint.

I never reported this in the past because I assumed Maxim wouldn't
care about that sort of thing. Now that he's out of the picture, maybe
others will see things differently?

-Ben
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[patch] reject http header without colon (:) in the header name	Maksim Yevmenkin	105	May 07, 2024 05:34PM
Re: [patch] reject http header without colon (:) in the header name	Ben Kallus	25	May 07, 2024 06:00PM
Re: [patch] reject http header without colon (:) in the header name	Roman Arutyunyan	19	May 13, 2024 03:20AM
Re: [patch] reject http header without colon (:) in the header name	Ben Kallus	15	May 13, 2024 10:32AM
Re: [patch] reject http header without colon (:) in the header name	Илья Шипицин	19	May 13, 2024 12:02PM
Re: [patch] reject http header without colon (:) in the header name	Ben Kallus	16	May 13, 2024 04:12PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 105

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018