Commit Graph

6 Commits (1dd58c5ad802ebca61e399d3b8846111de2e7ed8)

Author SHA1 Message Date
Glenn Strauss 77c01f9817 [core] buffer_append_path_len()
concatenate paths, placing single '/' between strings

reverts broken commit:b9402283

(thx avij)
4 years ago
Glenn Strauss e8e59396d3 [core] reject decoded url-path without leading '/'
buffer_simplify_path() no longer prepends '/' if '/' is missing.
Callers must check for leading '/' depending on use, such as in
concatenation with other paths, or direct use accessing filesystem.

Note: lighttpd 1.4.50 provides the server.http-parseopts directive.
Recommended settings unless specific use requires looser settings:
  server.http-parseopts = (
    "header-strict"            => "enable",
    "host-strict"              => "enable",
    "host-normalize"           => "enable",
    "url-normalize"            => "enable",
    "url-normalize-unreserved" => "enable",
    "url-normalize-required"   => "enable",
    "url-ctrls-reject"         => "enable",
    "url-path-2f-decode"       => "enable",
    "url-path-dotseg-remove"   => "enable",
    "url-query-20-plus"        => "enable"
  )

x-ref:
  https://digi.ninja/blog/lighttpd_rewrite_bypass.php

As noted in the link above, mod_access should be preferred instead
of mod_rewrite for access controls to URLs.
4 years ago
Glenn Strauss aba45f68d8 [core] perf: simpler buffer_string_space() (tests) 4 years ago
Glenn Strauss c98d89a4bb [tests] #undef NDEBUG before assert.h in t/test_* 5 years ago
Glenn Strauss 2e385a1a53 [core] fix buffer_to_upper()
fix buffer_to_upper() and case-insensitive filesystem detection
5 years ago
Glenn Strauss 6ccccaaa38 [tests] move src/test_*.c to src/t/ 5 years ago
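
The caller-side check described in e8e59396d3 and the single-'/' join described in 77c01f9817, sketched as an added example (not lighttpd's code). The names join_single_slash() and map_url_path(), the docroot "/var/www/" and the sample paths are assumptions made for illustration; the URL path is assumed to be already decoded and simplified.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not lighttpd's buffer API: write a + '/' + b into dst
 * with exactly one '/' at the seam. Returns 0, or -1 if dst is too small. */
static int join_single_slash(char *dst, size_t dstsz, const char *a, const char *b)
{
    size_t alen = strlen(a);
    size_t blen = strlen(b);
    while (alen > 0 && a[alen - 1] == '/') --alen;   /* trailing '/' of a */
    while (blen > 0 && b[0] == '/') { ++b; --blen; } /* leading '/' of b */
    if (alen + 1 + blen + 1 > dstsz) return -1;      /* seam + NUL must fit */
    memcpy(dst, a, alen);
    dst[alen] = '/';
    memcpy(dst + alen + 1, b, blen);
    dst[alen + 1 + blen] = '\0';
    return 0;
}

/* Hypothetical caller: the simplify step is assumed not to prepend '/',
 * so the caller rejects a path without one before touching the filesystem.
 * Returns 0 and fills out, or -1 if rejected (error response is up to the caller). */
static int map_url_path(char *out, size_t outsz, const char *docroot, const char *urlpath)
{
    if (urlpath == NULL || urlpath[0] != '/') return -1;
    return join_single_slash(out, outsz, docroot, urlpath);
}

int main(void)
{
    /* constructed sample inputs */
    const char *paths[] = { "/index.html", "/a/b", "index.html", "" };
    char out[256];
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; ++i) {
        if (map_url_path(out, sizeof out, "/var/www/", paths[i]) == 0)
            printf("%-14s -> %s\n", paths[i], out);
        else
            printf("%-14s -> rejected\n", paths[i]);
    }
    return 0;
}
```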