Skip to content

Home

  • in releases
  • 3 min read

1.4.52

Important changes

performance enhancements, bug fixes

Future scheduled behavior change (Q1 2019)

Beginning in Q1 2019, lighttpd defaults are scheduled to change to perform limited URL normalization on HTTP requests.

Since lighttpd 1.4.50, this URL normalization is available with server.http-parseopts \<https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails>. The lighttpd default will become server.http-parseopts = (“url-normalize-unreserved” => “enable”, “url-path-2f-decode” => “enable”) unless server.http-parseopts is explicitly set in the lighttpd config. Enabling URL normalization by default will provide more consistent behavior for mod_redirect and mod_rewrite, which match against the (url-encoded) URL request. However, decoding %2F by default, while generally desirable for consistency, is potentially a breaking change for those encoding URLs in the url-path and relying on the literal ‘/’ as a delimiter. For those uses, “url-path-2f-decode” => “disable” will need to be explicitly set in the lighttpd config.

https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails

The recommended settings for server.http-parseopts are the following, unless specific use requires looser settings:

      server.http-parseopts = (
        "header-strict"            => "enable",
        "host-strict"              => "enable",
        "host-normalize"           => "enable",
        "url-normalize"            => "enable",
        "url-normalize-unreserved" => "enable",
        "url-normalize-required"   => "enable",
        "url-ctrls-reject"         => "enable",
        "url-path-2f-decode"       => "enable",
        "url-path-dotseg-remove"   => "enable",
        "url-query-20-plus"        => "enable"
      )

Downloads

  • in releases
  • 2 min read

1.4.44

Important changes

  • support HTTP/1.1 ‘Transfer-Encoding: chunked’ request body
  • bug fixes

Downloads

Highlights

  • improvements
    • support HTTP/1.1 ‘Transfer-Encoding: chunked’ request body
    • mod_dirlisting: render dirlisting as HTML
    • mod_proxy: option to replace HTTP Host sent to backend
    • mod_proxy: proxy.balance = “sticky” option
    • mod_ssi: basic recursive SSI include virtual
    • various code portability and build fixes for older platforms
  • bug fixes
    • fix race in dynamic handler configs (reentrancy)
    • mod_cgi: fix out of sockets error for POST to CGI (1.4.43)
    • mod_scgi: fix segfault (1.4.43)
    • mod_magnet: fix magnet_cgi_set() set of env vars
    • mod_fastcgi: fix segfault if all backends down (1.4.43)
  • in releases
  • 2 min read

1.4.43

Important changes

  • improve FastCGI, SCGI, proxy reconnect on failure
  • bug fixes

Downloads

Highlights

  • improvements
    • improve FastCGI, SCGI, proxy reconnect on failure
    • build systems: do not build modules for which dependencies are not present
    • autobuild: use CC_FOR_BUILD for lemon when cross-compiling
    • config: warn if mod_authn_ldap,mysql not listed
    • config file remote IP conditions are valid for TLS SNI
    • mod_deflate ignore trailing ‘*’ in deflate.mimetypes
    • mod_deflate skip deflate if loadavg too high
    • mod_accesslog %{ratio}n logs compression ratio
    • mod_expire by mimetype
    • mod_evhost partial matching patterns
    • mod_dirlisting config header and readme files
  • bug fixes
    • fix potential tempfile corruption with streaming response
    • fix fd leak when using libev (1.4.42)
    • fix ssl client certificate authentication segfaults (1.4.42)
    • fix mod_scgi prefix matching to always match url