httpd-cvs mailing list archives

Subject svn commit: r1756541 [1/2] - in /httpd/httpd/trunk/docs/manual/mod: core.html.en directives.html.en quickreference.html.en
Date Tue, 16 Aug 2016 18:11:47 GMT
Author: wrowe
Date: Tue Aug 16 18:11:47 2016
New Revision: 1756541

Regen docs


Modified: httpd/httpd/trunk/docs/manual/mod/core.html.en
--- httpd/httpd/trunk/docs/manual/mod/core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.html.en Tue Aug 16 18:11:47 2016
@@ -61,6 +61,7 @@ available</td></tr>
 <li><img alt="" src="../images/down.gif" /> <a href="#elseif">&lt;ElseIf&gt;</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#enablemmap">EnableMMAP</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#enablesendfile">EnableSendfile</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#enforcehttpprotocol">EnforceHTTPProtocol</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#error">Error</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#errordocument">ErrorDocument</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#errorlog">ErrorLog</a></li>
@@ -1300,6 +1301,54 @@ version 2.3.9.</td></tr>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
+<div class="directive-section"><h2><a name="EnforceHTTPProtocol" id="EnforceHTTPProtocol">EnforceHTTPProtocol</a>
<a name="enforcehttpprotocol" id="enforcehttpprotocol">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Modify
restrictions on HTTP Request Messages</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>EnforceHTTPProtocol
[Strict|Unsafe] [Allow0.9|Require1.0]</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>EnforceHTTPProtocol
Strict Allow0.9</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.2.32
or 2.4.24 and later</td></tr>
+    <p>This directive changes the rules applied to the HTTP Request Line
+    (<a href="">RFC 7230 §3.1.1</a>)
and the HTTP Request Header Fields
+    (<a href="">RFC 7230 §3.2</a>),
which are now applied by default or using
+    the <code>Strict</code> option. Due to legacy modules, applications or
+    custom user-agents which must be deperecated, an <code>Unsafe</code>
+    option has been added to revert to the legacy behavior. These rules are
+    applied prior to request processing, so must be configured at the global
+    or default (first) matching virtual host section, by interface and not
+    by name, to be honored.</p>
+    <p>Prior to the introduction of this directive, the Apache HTTP Server
+    request message parsers were tolerant of a number of forms of input
+    which did not conform to the protocol.
+    <a href="">RFC 7230 §9.4 Request
Splitting</a> and
+    <a href="">§9.5 Response Smuggling</a>
call out only two of the potential
+    risks of accepting non-conformant request messages. As of the introduction
+    of this directive, all grammer rules of the specification are enforced in
+    the <code>Strict</code> operating mode.</p>
+    <p>Users are strongly cautioned against toggling the <code>Unsafe</code>
+    mode of operation for these reasons, most especially on outward-facing,
+    publicly accessible server deployments. Reviewing the messages within the
+    <code class="directive">ErrorLog</code> in the <code>info</code>
+    <code class="directive">LogLevel</code> or below can help identify such faulty
+    requests, along with their origin. Users should pay particular attention
+    to any 400 responses in the access log for indiciations that these requests 
+    are being correctly rejected.</p>
+    <p><a href="">RFC 2616 §19.6</a>
"Compatibility With Previous Versions" had
+    encouraged HTTP servers to support legacy HTTP/0.9 requests. RFC 7230
+    superceeds this with "The expectation to support HTTP/0.9 requests has
+    been removed" and offers additional comments in 
+    <a href="">RFC 2616 Appendix A</a>.
The <code>Require1.0</code> option allows
+    the user to remove support of the <code>Allow0.9</code> default option's
+    behavior.</p>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
 <div class="directive-section"><h2><a name="Error" id="Error">Error</a>
<a name="error" id="error">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Abort
configuration parsing with a custom error message</td></tr>
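Review bot: two citations in the added EnforceHTTPProtocol text look wrong. The last paragraph says RFC 7230 "offers additional comments in" a link labelled "RFC 2616 Appendix A", although the quoted sentence is attributed to RFC 7230, and the second paragraph names the sections "§9.4 Request Splitting" and "§9.5 Response Smuggling", whereas RFC 7230 titles them Response Splitting (§9.4) and Request Smuggling (§9.5). All six RFC anchors in the block are written as <a href=""> with no target, so a reader cannot follow any of them to check. The prose also carries four misspellings ("deperecated", "grammer", "indiciations", "superceeds"), and "in the info LogLevel or below" does not say which level actually emits the rejection messages; name the level explicitly. Since the commit message says this file is regenerated, make these fixes in the documentation source and regenerate rather than editing core.html.en.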

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en
--- httpd/httpd/trunk/docs/manual/mod/directives.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.en Tue Aug 16 18:11:47 2016
@@ -278,6 +278,7 @@
 <li><a href="mpm_common.html#enableexceptionhook">EnableExceptionHook</a></li>
 <li><a href="core.html#enablemmap">EnableMMAP</a></li>
 <li><a href="core.html#enablesendfile">EnableSendfile</a></li>
+<li><a href="core.html#enforcehttpprotocol">EnforceHTTPProtocol</a></li>
 <li><a href="core.html#error">Error</a></li>
 <li><a href="core.html#errordocument">ErrorDocument</a></li>
 <li><a href="core.html#errorlog">ErrorLog</a></li>
