Ruby Forum NGINX > Still having HTTP 400 - nginx bad request error

I recently updated nginx to 0.6.32 and I am still facing a HTTP 400 
error
when I am making mobile requests. Can someone tell me what is the issue
please?

sample request

http://www.whatever.com/process?a=14131C047A5041424056405648574B588C89&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+5.1%3B+en-US%3B+rv%3A1.8.1.12%29+Gecko%2F20080201+Firefox%2F2.0.0.12&ip=220.227.173.195&key=sms,india,jokes,chat,romance,freesms

On Wed, Aug 13, 2008 at 8:05 AM, Asif Ali <azifali@gmail.com> wrote:
> I recently updated nginx to 0.6.32 and I am still facing a HTTP 400 error
> when I am making mobile requests. Can someone tell me what is the issue
> please?
>
> sample request
>
> http://www.whatever.com/process?a=14131C047A5041424056405648574B588C89&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+5.1%3B+en-US%3B+rv%3A1.8.1.12%29+Gecko%2F20080201+Firefox%2F2.0.0.12&ip=220.227.173.195&key=sms,india,jokes,chat,romance,free sms
>

perhaps the unescaped space in param key "free sms"

Possibly that space in "free sms" isn't too healthy

Is there any other possibility?. A lot of requests from mobile phones 
seem
to be rejected by nginx as well

There are lots of special characters (generally encoded) available 
within
the request url

Please advise

regards

Asif Ali

On 8/13/08, Asif Ali <azifali@gmail.com> wrote:
> Asif Ali
IMHO nginx should accept unencoded data and encode it if it needs to.
Spaces in URLs are probably quite common and web browsers/mobile
devices/all that stuff probably doesn't encode them nicely like they
should all the time.

On Wed, Aug 13, 2008 at 10:44:36AM -0700, mike wrote:

> >
> > Asif Ali
> 
> IMHO nginx should accept unencoded data and encode it if it needs to.
> Spaces in URLs are probably quite common and web browsers/mobile
> devices/all that stuff probably doesn't encode them nicely like they
> should all the time.

nginx accepts any character in URL except space. I do not think that
unescaped spaces are common: I have just seen www.rambler.ru's last
400,000 requests. There are 50 line with 400 errors and no one with 
space.

Probably these spaces are bugs in mobile phones.

Apache 1.3 returns 400 for such URLs too, while modern Apache2 accepts 
them.

On 8/13/08, Igor Sysoev <is@rambler-co.ru> wrote:

> nginx accepts any character in URL except space. I do not think that
> unescaped spaces are common: I have just seen www.rambler.ru's last
> 400,000 requests. There are 50 line with 400 errors and no one with space.
>
> Probably these spaces are bugs in mobile phones.
>
> Apache 1.3 returns 400 for such URLs too, while modern Apache2 accepts them.

okay, so anyone with a buggy mobile phone loading an nginx site is
just out of luck? instead of probably a minor check for a " " in the
url and encoding it for them?

On Wed, Aug 13, 2008 at 12:14:57PM -0700, mike wrote:

> okay, so anyone with a buggy mobile phone loading an nginx site is
> just out of luck? instead of probably a minor check for a " " in the
> url and encoding it for them?

I will look.

BTW, the buggy mobile phone owners are unhappy with google too:

-----------
>nc www.google.com 80 | head -10
GET /search?q=test test HTTP/1.0

HTTP/1.0 400 Bad Request
Date: Wed, 13 Aug 2008 19:23:35 GMT
Content-Type: text/html; charset=UTF-8
Server: GFE/1.3
Connection: Close
Content-Length: 1344



<html><head>


<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>400 Bad Request</title>

On Wed, Aug 13, 2008 at 11:24:28PM +0400, Igor Sysoev wrote:

> > > Apache 1.3 returns 400 for such URLs too, while modern Apache2 accepts them.
> >nc www.google.com 80 | head -10
> 
> <html><head>
> 
> 
> <html><head>
> <meta http-equiv="content-type" content="text/html;charset=utf-8">
> <title>400 Bad Request</title>
> -------------

Thus, the buggy mobile phone owners are unhappy with google, Yahoo,
facebook (both run Apache 1.3), microsoft.com, and msn.com.

On 8/13/08, Igor Sysoev <is@rambler-co.ru> wrote:

> Thus, the buggy mobile phone owners are unhappy with google, Yahoo,
> facebook (both run Apache 1.3), microsoft.com, and msn.com.

I guess that's something to consider; but why compare your product to
sub-par ones? :)

On Wed, Aug 13, 2008 at 12:44:45PM -0700, mike wrote:

> On 8/13/08, Igor Sysoev <is@rambler-co.ru> wrote:
> 
> > Thus, the buggy mobile phone owners are unhappy with google, Yahoo,
> > facebook (both run Apache 1.3), microsoft.com, and msn.com.
> 
> I guess that's something to consider; but why compare your product to
> sub-par ones? :)

I'm not compare, but I mean that these users are unhappy in modern 
internet.

As to relaxation of the input requirements, I think it should have some 
limits.
For example, MS had relaxed HTML requirements in IEs and this had lead 
to
HTML nightmare, XSS, and security holls.

When the same url is accessed through a mobile phone only then the issue
comes whereas if we access it from a PC browser then there is no issue.

Does nginx handle these two requests differently because they both send
different sets of headers or because the browsers handle the requests
independently?

regards

Also - I have enabled GZIP - could that be a problem?

On Thu, Aug 14, 2008 at 01:58:01PM +0530, Asif Ali wrote:

> When the same url is accessed through a mobile phone only then the issue
> comes whereas if we access it from a PC browser then there is no issue.
> 
> Does nginx handle these two requests differently because they both send
> different sets of headers or because the browsers handle the requests
> independently?

Could you make tcpdump of both requests ?