git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 6ed1188) | patch

author	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 4 Nov 2025 12:34:32 +0000 (16:34 +0400)
committer	Roman Arutyunyan <arutyunyan.roman@gmail.com>
	Wed, 26 Nov 2025 15:51:40 +0000 (19:51 +0400)
commit	511abb19e1e1b127f6d0943ccac346211a490a35
tree	0f48e61ffb621c0791ad67e2e8888441f21b64bd	tree \| snapshot
parent	6ed1188411882086e3518eda779ab782d8ab4d3f	commit \| diff

Improved host header validation.

Validation is rewritten to follow RFC 3986 host syntax, based on
ngx_http_parse_request_line(). The following is now rejected:
- the rest of gen-delims "#", "?", "@", "[", "]"
- other unwise delims <">, "<", ">", "\", "^", "`', "{", "|", "}"
- IP literals with a trailing dot, missing closing bracket, or pct-encoded
- a port subcomponent with invalid values
- characters in upper half

src/http/ngx_http_request.c		diff \| blob \| history
src/stream/ngx_stream_core_module.c		diff \| blob \| history

nginx upstream