httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 10453] New: - 1.3.26: Backward-compatible GET requests broken in 1.3.26
Date Wed, 03 Jul 2002 19:20:07 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10453>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10453

1.3.26: Backward-compatible GET requests broken in 1.3.26

           Summary: 1.3.26: Backward-compatible GET requests broken in
                    1.3.26
           Product: Apache httpd-1.3
           Version: 1.3.25
          Platform: All
               URL: http://dq.com/config.gif HTTP-1.0
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Auth/Access
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: chrisw@dq.com


As of the 1.3.26 build of Apache, old-style/incorrect GET requests no longer 
work (they have worked in all previous builds of Apache).  I believe this is due 
to a GET syntax checking routine Martin added in 1.3.26.

TO SEE HOW IT WORKED BEFORE:
1) 'telnet dq.com 80' and enter 'GET /index.html HTTP-1.0' and press return 
twice.
2) Apache 1.3.25 ignores/handles the hyphen and still gets the file.

TO SEE HOW IT NO LONGER WORKS:
1) 'telnet axxs.net 80' and enter 'GET /index.html HTTP-1.0' and press return 
twice.
2) Apache 1.3.26 gives a 400 Bad Request result and does not get the file.

WHY APACHE SHOULD CONTINUE TO SUPPORT THIS BAD SYNTAX:
Many early socket and HTTP tutorials and books incorrectly show the hyphen 
instead of a slash in the GET request and as a result, many programs, including 
ours, use this old/incorrect syntax to retrieve updates, news, etc.

You would correctly argue that we should fix this on our end, which we already 
have done.  However, there are already 50,000 some odd players with our online 
games out there that can no longer get news, updates, alerts, etc. from our Web 
site using Apache.  To make matters worse, we cant simply redirect the files 
since the requests fail immediately, the only solution for us is to switch to a 
M$ server or a down-level Apache build with the security hole.  Please help us 
and others by maintaining your backward compatibility.

I thank you for your time and support of Apache.  If you need help or 
clarification, please dont hesitate to contact me.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message