You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/07/08 19:52:36 UTC
DO NOT REPLY [Bug 10561] New: -
Possible over-zealous protocol checking
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10561>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10561
Possible over-zealous protocol checking
Summary: Possible over-zealous protocol checking
Product: Apache httpd-1.3
Version: HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: core
AssignedTo: bugs@httpd.apache.org
ReportedBy: tom@n2h2.com
This might not be an actual bug, but I am submitting this report since it may be
undesired behavior and because it happens to break my servers.
This recent patch added functionality to prevent bogus protocol data from the
client from spoofing information in access_log and error_log.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_protocol.c.diff?r1=1.314&r2=1.315
Before this patch, clients with bad protocols were assumed to be "HTTP/1.0".
With this patch clients who incorrectly identify the protocol get an error.
In my case, I need to service clients who request "HTTPS/1.0" as the protocol.
These clients are built into a third party product that downloads data files
from the company I work for. I have made my own patch to fix the problem, but I
am not a programmer, and hacking every new Apache release isn't appealing.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org