You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Tom Yue <t....@gmail.com> on 2018/05/22 15:47:34 UTC
Changes to hostname parsing in HttpParser breaks internationalized ccTLDs
Hi all,
So we started getting 400 responses to all requests after upgrading
our Tomcat to 8.5.31. After some head-scratching, I finally found that
HttpParser now rejects a hostname as invalid if it does not end with
an _alphabetic_ TLD - no hyphens, no numerics. And apparently the
behavior is not configurable either.
The changelog for 8.5.31 mentions that "Enable strict validation of
the provided host name and port for all connectors. Requests with
invalid host names and/or ports will be rejected with a 400 response.
(markt)". But why are only alphabetic TLDs considered valid? The IDNA
for internationalized ccTLDs (e.g. the IDN ccTLD for China -
".中国"/".xn--fiqs8s") contain both hyphens and numerics. They are now
considered invalid by Tomcat.
Was it an explicit decision not to support internationalized ccTLDs in
Tomcat? If not, it would seem desirable to at least add a
configuration option that allows them.
Regards,
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Changes to hostname parsing in HttpParser breaks
internationalized ccTLDs
Posted by Mark Thomas <ma...@apache.org>.
On 22/05/18 16:47, Tom Yue wrote:
> Hi all,
>
> So we started getting 400 responses to all requests after upgrading
> our Tomcat to 8.5.31. After some head-scratching, I finally found that
> HttpParser now rejects a hostname as invalid if it does not end with
> an _alphabetic_ TLD - no hyphens, no numerics. And apparently the
> behavior is not configurable either.
>
> The changelog for 8.5.31 mentions that "Enable strict validation of
> the provided host name and port for all connectors. Requests with
> invalid host names and/or ports will be rejected with a 400 response.
> (markt)". But why are only alphabetic TLDs considered valid? The IDNA
> for internationalized ccTLDs (e.g. the IDN ccTLD for China -
> ".中国"/".xn--fiqs8s") contain both hyphens and numerics. They are now
> considered invalid by Tomcat.
>
> Was it an explicit decision not to support internationalized ccTLDs in
> Tomcat? If not, it would seem desirable to at least add a
> configuration option that allows them.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org