Re: [patch] reject http header without colon (:) in the header name

2024-05-13 Thread Ben Kallus
> nginx is about as popular as GWS, same reasoning might be considered.

What I'm saying is exceptional about GWS is not its popularity. Of course, Nginx (and Apache) are similarly popular. I'm arguing that because GWS is by design a single-purpose web server that serves the interest of a single co

Re: [patch] reject http header without colon (:) in the header name

2024-05-13 Thread Илья Шипицин
nginx is about as popular as GWS, same reasoning might be considered.

btw, do you suggest to
1) introduce new behaviour by some setting (default is unchanged)
2) change default behaviour?

and I'm quite curious why do you want to change current behaviour

Mon, 13 May 2024 at 16:30, Ben Kallus

Re: [patch] reject http header without colon (:) in the header name

2024-05-13 Thread Ben Kallus
Okay; I should have been more specific. I meant that nginx is unique among *general-purpose* web servers. GWS is something of a special case; it also accepts requests with no Host header, and doesn't validate the version string (e.g., HTTP/1.9 is accepted). Google has opted into these st

Re: [patch] reject http header without colon (:) in the header name

2024-05-13 Thread Roman Arutyunyan
Hi,

On Tue, May 07, 2024 at 05:58:34PM -0400, Ben Kallus wrote:
> Nginx is the only widely-used HTTP server that ignores invalid
> field-lines. This behavior makes it trivial to fingerprint.

A simple test shows that google server gws does the same.

> I never reported this in the past because I a

Re: [patch] reject http header without colon (:) in the header name

2024-05-07 Thread Ben Kallus
Nginx is the only widely-used HTTP server that ignores invalid field-lines. This behavior makes it trivial to fingerprint. I never reported this in the past because I assumed Maxim wouldn't care about that sort of thing. Now that he's out of the picture, maybe others will see things differently?

[patch] reject http header without colon (:) in the header name

2024-05-07 Thread Maksim Yevmenkin
hello, it appears that nginx would happily accept http header without colon (:) in the header name. the patch below tries to address this. thanks max == --- a/ports/netflix/nginx/files/nginx/src/http/ngx_http_parse.c +++ b/ports/netflix/nginx/files/nginx/src/http/ngx_http_parse.c @@ -941,14 +94
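Review bot: the file headers name `a/ports/netflix/nginx/files/nginx/src/http/ngx_http_parse.c`, so the diff is rooted in a ports tree and carries the extra prefix `ports/netflix/nginx/files/nginx/` in front of `src/http/ngx_http_parse.c`. Regenerate it from the root of the nginx source tree so the headers read `a/src/http/ngx_http_parse.c` and `b/src/http/ngx_http_parse.c`; as posted it will not apply with the usual `-p1`. The description should also state what the parser does with a field-line that has no colon after the change (which error is returned and what response the client gets), since the message only says the patch "tries to address this".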