DO NOT REPLY [Bug 10561] New: - Possible over-zealous protocol checking

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10561>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10561

Possible over-zealous protocol checking

           Summary: Possible over-zealous protocol checking
           Product: Apache httpd-1.3
           Version: HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tom@n2h2.com


This might not be an actual bug, but I am submitting this report since it may be
undesired behavior and because it happens to break my servers.

This recent patch added functionality to prevent bogus protocol data from the
client from spoofing information in access_log and error_log.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_protocol.c.diff?r1=1.314&r2=1.315

Before this patch, clients with bad protocols were assumed to be "HTTP/1.0".
With this patch clients who incorrectly identify the protocol get an error.  

In my case, I need to service clients who request "HTTPS/1.0" as the protocol. 
These clients are built into a third party product that downloads data files
from the company I work for.  I have made my own patch to fix the problem, but I
am not a programmer, and hacking every new Apache release isn't appealing.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org