I am using the python http.server quite happily, but ran into a problem with one specific device.
This device, a Geiger counter, sends a url request with a finishing CR, while it should be sending a CRLF.
Apache sees this as a security risk , and rejects such requests with “400 Bad Request” and logs it as “malformed request line” (https://httpd.apache.org/security/vul…, scroll to “important: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)”).
For Apache one can work around this by entering into
(The default being
HttpProtocolOptions Strict ). My local Apache server is now working with that dirty device.
I suppose the Python server is of the same opinion as Apache, and rejects these requests for the same reason. Is there anything I can do to my Python server to also make it accept CR in a request where a CRLF should be?
Putting “Unsafe” into the config of a public web server is probably a good example of what NOT to do, but in my case the counter would be run in a local LAN, and security is not of any concern.
The Geiger counter has closed source firmware, so is not accessible to me.