HTTP 400 when a Host header have a number on Top Level Domain

[gomes]

Problem: Always return HTTP error 400 when a Host header have number on TLD.

$ curl -v -H "Host:test.l0l" http://localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET / HTTP/1.1
> Host:test.l0l
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 400
< Transfer-Encoding: chunked
< Date: Wed, 23 May 2018 22:10:10 GMT
< Connection: close
<
* Closing connection 0

Same app, now without the number (expected 401, no auth given):

$ curl -v -H "Host:test.lol" http://localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET / HTTP/1.1
> Host:test.lol
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 401
< Set-Cookie: JSESSIONID=8C2CB6AC41D2F9E19AA598D77391AAAB; Path=/; HttpOnly
< WWW-Authenticate: Basic realm="Realm"
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Wed, 23 May 2018 22:12:53 GMT
<
* Connection #0 to host localhost left intact
{"timestamp":"2018-05-23T22:12:53.091+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/"}

It can be reproduced using the sample project spring-boot-sample-actuator-ui from spring-boot-samples.

I tried some configs like:
management.endpoint.httptrace.enabled=false
management.trace.http.enabled=false
management.endpoints.enabled-by-default=false

Nothing changed

[philwebb]

This looks like a duplicate of #13236 which turned out to be a Tomcat issue. They've fixed that in the 8.53 SNAPSHOT but it's not been released yet.

[gomes]

Thank you @philwebb I searched a lot here and in some dependencies, but I forgot about Tomcat.