Bug #15187

IPv6 x-forwarded-host results in "bad URI" error

Added by kwinters (Ken Winters) 12 months ago. Updated 19 days ago.

Status: Open
Priority: Normal
Assignee: -
Target version: -
[ruby-core:89234]

Description

A request that normally works with IPv4 is failing for IPv6. The webrick server is running behind Apache2, which is setting the x-forwarded-* headers.

$ curl -k https://[fd20:8b1e:b255:8154:250:56ff:fea8:4d84]/something
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<HTML>
  <HEAD><TITLE>Bad Request</TITLE></HEAD>
  <BODY>
    <H1>Bad Request</H1>
    bad URI `/api/v3/versions'.
    <HR>
    <ADDRESS>
     WEBrick/1.3.1 (Ruby/2.3.3/2016-11-21) at
     DCU-ADM1-178:4567
    </ADDRESS>
  </BODY>
</HTML>

I added some logging to httprequest.rb to output the headers:
(fails) x-forwarded-host: fd20:8b1e:b255:8154:250:56ff:fea8:4d84 x-forwarded-host: 10.224.3.178

The bug appears to be in here:

    def setup_forwarded_info
      if @forwarded_server = self["x-forwarded-server"]
        @forwarded_server = @forwarded_server.split(",", 2).first
      end
      @forwarded_proto = self["x-forwarded-proto"]
      if host_port = self["x-forwarded-host"]
        host_port = host_port.split(",", 2).first
        @forwarded_host, tmp = host_port.split(":", 2) # HERE
        @forwarded_port = (tmp || (@forwarded_proto == "https" ? 443 : 80)).to_i
      end
      if addrs = self["x-forwarded-for"]
        addrs = addrs.split(",").collect(&:strip)
        addrs.reject!{|ip| PrivateNetworkRegexp =~ ip }
        @forwarded_for = addrs.first
      end
    end

Changing it to remove the split avoids the bug, but this simpler implementation doesn't support a port.

      if host_port = self["x-forwarded-host"]
        host_port = host_port.split(",", 2).first
        @forwarded_host = host_port # Dropped the split on :
        @forwarded_port = @forwarded_proto == "https" ? 443 : 80
      end

Originally filed as https://github.com/ruby/webrick/issues/11 before the bug submission link was updated.
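
The host/port split discussed in the report, as an added example that is not part of the original report, not WEBrick's code, and not the code from the linked pull request. `parse_forwarded_host` and `ipv6?` are hypothetical helper names; returning `nil` for malformed values and re-bracketing a bare IPv6 literal (so it can be placed in a URI authority) are assumptions of this sketch.

```ruby
require "ipaddr"

# Hypothetical helper (not WEBrick API): split an X-Forwarded-Host value
# into [host, port]. Returns nil when the value is malformed, so the caller
# can reject the request instead of building a URI from a truncated host.
def parse_forwarded_host(value, proto = "http")
  default_port = proto == "https" ? 443 : 80
  first = value.to_s.split(",", 2).first.to_s.strip # first listed value only
  return nil if first.empty?

  if first.start_with?("[")
    # Bracketed IPv6 literal with optional port, e.g. "[fd20::1]:8443"
    m = /\A\[([^\]]+)\](?::(\d{1,5}))?\z/.match(first)
    return nil unless m && ipv6?(m[1])
    host = "[#{m[1]}]"
    port = m[2]
  elsif first.count(":") >= 2
    # Bare IPv6 literal, as logged in the report. Splitting on the first ":"
    # here is what yields host "fd20"; a port cannot be carried unambiguously.
    return nil unless ipv6?(first)
    host = "[#{first}]" # assumption: normalise to the bracketed form
    port = nil
  else
    # Hostname or IPv4 with optional port, e.g. "10.224.3.178:4567"
    host, port = first.split(":", 2)
    return nil unless host =~ /\A[A-Za-z0-9.-]+\z/
    return nil if port && port !~ /\A\d{1,5}\z/
  end

  port = port ? port.to_i : default_port
  return nil unless (1..65_535).cover?(port)
  [host, port]
end

# True only for a plain IPv6 address (no prefix length, no stray characters).
def ipv6?(str)
  str.match?(/\A[0-9A-Fa-f:.]+\z/) && IPAddr.new(str).ipv6?
rescue IPAddr::Error
  false
end
```
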

History

Updated by jeremyevans0 (Jeremy Evans) 19 days ago

I've submitted a pull request to fix this: https://github.com/ruby/webrick/pull/26
