An all numeric Host header field is treated as an integer. If the value is greater than 65535, an error 400 is returned. If the optional port is specified (adding a colon), the field is treated as a string and returns status 200. This results in inconsistent behavior in the handling of decimal IPs (as opposed to dotted decimal). http://2130706433/ (127.0.0.1) will return status 400. http://2130706433:80/ will return status 200.
A couple more observations: * The host doesn't necessarily have to be greater than 65535; http://0/ triggers the behavior. * IIS and lighttpd both show this behavior. Cherokee, gws, and apache1.3 do not. * Here's the same bug in lighttpd: http://redmine.lighttpd.net/issues/1952
However, unlike IIS and presumably lighttpd, a status 200 is returned for requests with a Host header of 1 through 65535.
I've just fixed this in trunk in r832172 . A bare integer is now treated as hostname, not as port, so it will be accepted if configured.
Fix seems to have been backported in r984172