Bug 55362

Summary: Apache httpd sends "400 Bad Request" to client due to IPvFuture (RFC 3986) format IP address Hostname Host Header
Product: Apache httpd-2 Reporter: king.rizzo
Component: CoreAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: normal CC: king.rizzo
Priority: P2    
Version: 2.4.6   
Target Milestone: ---   
Hardware: All   
OS: Linux   

Description king.rizzo 2013-08-05 19:06:54 UTC
An Apple AirPrint Internet Printing Protocol (IPP) client (from either iOS or Mac OS) can send requests over IPv6 with an IPvFuture format (RFC 3986) IPv6 address in the Hostname HTTP Host Header value.  The Hostname is of the form [v1:<ipv6 addr>+en0].   Where en0 is the interface of the requesting Mac.

The Apache HTTP server is rejecting the request (with "400 Bad Request") due to this Hostname value in the header before a registered IPP Apache module even sees it.

The following is what is seen in the Apache log file:

[Fri Aug 02 11:36:06 2013] [error] [client fe80::12dd:b1ff:fed6:d654] Client sent malformed Host header
[Fri Aug 02 11:36:06 2013] [error] [client 2620:0:290:e012:12dd:b1ff:fed6:d654] Client sent malformed Host header

and the Apache code that is logging this error appears to be fix_hostname() in ./server/vhost.c
Comment 1 Stefan Fritsch 2013-08-07 22:00:35 UTC
AFAICS, RFC 3986 does not define v1 of the IPvFuture format. Instead it says 

   If a URI
   containing an IP-literal that starts with "v" (case-insensitive),
   indicating that the version flag is present, is dereferenced by an
   application that does not know the meaning of that version flag, then
   the application should return an appropriate error for "address
   mechanism not supported"."

Returning a 400 seems to fullfill this requirement. Unless we can make sure that all code that comes in contact with such addresses can handle the different format, I don't think we should change this behavior.

Also, v1 seems to be only specified by draft-fenner-literal-zone-02 which has not become an RFC.
Comment 2 king.rizzo 2013-08-12 16:05:02 UTC
Is there a way thru either filters or hooks, that a 3rd party can put in an add-on module to modify this rejection behavior?  It appears that Apache rejects the request before any 3rd party code can see it.  I've posted requests for information on the support mailing lists, but did not get any information on this. I was only told to write a bug.
Comment 3 king.rizzo 2013-08-12 16:12:40 UTC
Also note - it is our understanding that Apple (Michael Sweet) is working with IETF to have the IPvFuture format become standard, possibly as an addendum to RFC 3986, but we are unable to locate the status of this effort.
Comment 4 king.rizzo 2013-09-09 21:19:55 UTC
The following standards document:

http://tools.ietf.org/html/draft-sweet-uri-zoneid-00

Updates URI generic syntax defined in RFC 3986 and is intended to replace RFC 6874.

The state of this draft can be tracked here:

http://datatracker.ietf.org/doc/draft-sweet-uri-zoneid/

Of course, this is not yet an accepted standard, at what point can Apache determine that this should be accepted and thus support added?

Thanks.