httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: security holes and other fun stuff
Date Tue, 16 Jul 1996 20:50:12 GMT
Alexei Kosut wrote:
> On Tue, 16 Jul 1996, Ben Laurie wrote:
> > > Hmm. No. I think the real solution (and http11.patch has this in it, btw,
> > > since the HTTP/1.1 spec mandates it*) is to change line 376 from ": 0" to
> > > ": 80". Try that, see if it works.
> > 
> > Shouldn't it be the port the connection is on rather than 80?
> I dunno. I suppose that would be the ideal way to do it; Apache
> wouldn't have to know anything about https then. But the HTTP/1.1 spec
> does say that it should be interpreted as the default port. I do
> agree, though, that IMHO, the best may be to change ": 0" to ":
> r->server->port".
> [...]
> > Of course, if the connection is HTTPS, the "default port" is 443. But, like I
> > say, I think no port should mean "the same port as this connection".
> I don't know if we get to make that decision. Roy?

I put some Deep Thought (tm) into this while building Apache-SSL 1.1.1+1.3, and
I decided that, in fact, no port number really should mean the default port,
for consistency with the rest of the universe. This is the patch that
Apache-SSL applies to 1.1.1 anyway.

Whilst we're on the subject of virtual hosts, something has been nagging at me.
The other day, we set up a server running on Then we wanted to
extend it to (we were doing some experiments), so the trainee
Webmaster set up two virtual hosts:



This caused Apache to crash. Commenting out the first pair of VirtualHosts
sorted it out. It would be neat if this worked, IMHO. Certainly it shouldn't




> -- 
> ________________________________________________________________________
> Alexei Kosut <>      The Apache HTTP Server
> URL:

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email:
A.L. Digital Ltd,           URL:
London, England.            Apache Group member (

View raw message