[Mongrel] HTTP parse error due to an extra percent sign

Jonathan Rochkind rochkind at jhu.edu
Wed Jan 7 16:31:50 EST 2009


This particular case actually doesn't bother me in particular.  It may 
be fine for "/%" to be a 400 rather than a 404.

My particular case involved needing to process mal-formed query strings 
sent by third parties. I had no control over these third parties. I 
_needed_ to be able to process query strings that included un-escaped 
ampersands and such. Yes, the third party sending me this information in 
a query string was doing it in a way that was illegal and violated 
standards, but they are more powerful than I, and I can not make them 
change their behavior, and I need to handle those URLs anyway.

I took care of it with a rewrite on the apache end before it reached 
mongrel though. This ended up being somewhat more complicated then I 
hoped it would be becuase of Apache's weird and unpredictable behavior 
when it came to escaping, but now that I have it working, it works out.

Jonathan



Stephan Wehner wrote:
> On Wed, Jan 7, 2009 at 11:44 AM, Robbie Allen <lists at ruby-forum.com> wrote:
>   
>> If you append an extra percent sign to a URL that gets passed to
>> mongrel, it will return a Bad Request error.  Kind of odd that
>> "http://localhost/%" causes a "Bad Request" instead of a "Not Found"
>> error.
>>
>> Here is the error from the mongrel log:
>> HTTP parse error, malformed request (127.0.0.1):
>> #<Mongrel::HttpParserError: Invalid HTTP format, parsing fails.>
>>
>> I'm using Nginx in front of mongrel.  I understand this is a bad URL,
>> but is there anyway to have mongrel ignore lone percent signs?  Or
>> perhaps a Nginx rewrite rule that will encode extraneous percent signs?
>>     
>
> Out of curiousity, why does mongrel's handling of this case bother you?
> Looks like entirely standard behaviour, see
>
> http://groklaw.net/%
> http://slashdot.org/%
> http://w3c.org/%
>
> (All produce status 400)
>
>
> Stephan
>
>   
>> Posted via http://www.ruby-forum.com/.
>> _______________________________________________
>> Mongrel-users mailing list
>> Mongrel-users at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/mongrel-users
>>
>>     
>
>
>
>   

-- 
Jonathan Rochkind
Digital Services Software Engineer
The Sheridan Libraries
Johns Hopkins University
410.516.8886 
rochkind (at) jhu.edu


More information about the Mongrel-users mailing list