Nginx enforces case-sensitivity incorrectly

According to RFC 2616, the “HTTP” string literal in the HTTP-Version
part of the Request-Line is case-insensitive. (Rationale: Section 2.1
says quoted string literals are case-insensitive unless otherwise
stated, and section 3.1 says nothing about case.)

However, nginx rejects “GET / http/1.1” as malformed. The patch below
corrects this.

— ngx_http_parse.c.orig 2009-09-15 00:10:48.000000000 +0000
+++ ngx_http_parse.c 2009-09-15 00:11:25.000000000 +0000
@@ -544,6 +544,7 @@
r->http_minor = 9;
goto done;
case ‘H’:

  •        case 'h':
               r->http_protocol.data = p;
               state = sw_http_H;
               break;
    

@@ -555,6 +556,7 @@
case sw_http_H:
switch (ch) {
case ‘T’:

  •        case 't':
               state = sw_http_HT;
               break;
           default:
    

@@ -565,6 +567,7 @@
case sw_http_HT:
switch (ch) {
case ‘T’:

  •        case 't':
               state = sw_http_HTT;
               break;
           default:
    

@@ -575,6 +578,7 @@
case sw_http_HTT:
switch (ch) {
case ‘P’:

  •        case 'p':
               state = sw_http_HTTP;
               break;
           default:

Hello!

On Mon, Sep 14, 2009 at 05:21:48PM -0700, Matthew Dempsky wrote:

According to RFC 2616, the “HTTP” string literal in the HTTP-Version
part of the Request-Line is case-insensitive. (Rationale: Section 2.1
says quoted string literals are case-insensitive unless otherwise
stated, and section 3.1 says nothing about case.)

It’s to be changed in HTTPbis, see:

http://trac.tools.ietf.org/wg/httpbis/trac/ticket/1
http://lists.w3.org/Archives/Public/ietf-http-wg/2002JulSep/0066.html

Maxim D.

On Tue, Sep 15, 2009 at 12:10 AM, Maxim D. [email protected]
wrote:

It’s to be changed in HTTPbis, see:

Interesting. Thanks for the tip. :slight_smile:

I still think nginx should support “http/1.1” (unless it slows down
handling of legitimate “HTTP/1.1” requests, which would surprise me),
but I won’t worry about it any further.

Thanks.

On Tue, Sep 15, 2009 at 10:53:54AM -0700, Matthew Dempsky wrote:

On Tue, Sep 15, 2009 at 12:10 AM, Maxim D. [email protected] wrote:

It’s to be changed in HTTPbis, see:

Interesting. Thanks for the tip. :slight_smile:

I still think nginx should support “http/1.1” (unless it slows down
handling of legitimate “HTTP/1.1” requests, which would surprise me),
but I won’t worry about it any further.

I believe “http/” is typed in telnet/netcat only.
I do not know any client that sends “http/”.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs