httpd-dev mailing list archives

From Alexei Kosut <>
Subject Re: security holes and other fun stuff
Date Tue, 16 Jul 1996 16:54:48 GMT
On Tue, 16 Jul 1996, Ben Laurie wrote:

> > Hmm. No. I think the real solution (and http11.patch has this in it, btw,
> > since the HTTP/1.1 spec mandates it*) is to change line 376 from ": 0" to
> > ": 80". Try that, see if it works.
> Shouldn't it be the port the connection is on rather than 80?

I dunno. I suppose that would be the ideal way to do it; Apache
wouldn't have to know anything about https then. But the HTTP/1.1 spec
does say that it should be interpreted as the default port. I do
agree, though, that IMHO, the best may be to change ": 0" to ":


> Of course, if the connection is HTTPS, the "default port" is 443. But, like I
> say, I think no port should mean "the same port as this connection".

I don't know if we get to make that decision. Roy?

Alexei Kosut <>      The Apache HTTP Server
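
The three readings of a port-less host that this thread weighs (0, 80, or the port of the connection), side by side in C. This is an added example, not code from the message, from http11.patch or from Apache. The function and enum names are hypothetical, and it assumes the value in question is a `host[:port]` string from the request with no bracketed IPv6 literals.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for the three readings discussed in the thread. */
enum no_port_policy {
    NO_PORT_ZERO,       /* the ": 0" the thread wants changed */
    NO_PORT_DEFAULT_80, /* the proposed ": 80" */
    NO_PORT_CONNECTION  /* "the same port as this connection" */
};

/* Port to assume when the host value names none. */
static int port_when_absent(int conn_port, enum no_port_policy policy)
{
    switch (policy) {
    case NO_PORT_ZERO:       return 0;
    case NO_PORT_DEFAULT_80: return 80;
    case NO_PORT_CONNECTION: return conn_port;
    }
    return -1;
}

/* Effective port for a host[:port] string, or -1 if the port text is
 * not a plain decimal number in 1..65535. */
int effective_port(const char *host, int conn_port, enum no_port_policy policy)
{
    const char *colon = strchr(host, ':');
    char *end;
    long port;

    if (colon == NULL || colon[1] == '\0')
        return port_when_absent(conn_port, policy);
    if (!isdigit((unsigned char)colon[1]))
        return -1;                      /* rejects "+80", " 80", "-1" */
    port = strtol(colon + 1, &end, 10);
    if (*end != '\0' || port < 1 || port > 65535)
        return -1;
    return (int)port;
}

int main(void)
{
    /* Constructed input: a port-less host arriving on a 443 connection. */
    const char *host = "www.example.com";
    printf("zero=%d default80=%d connection=%d\n",
           effective_port(host, 443, NO_PORT_ZERO),
           effective_port(host, 443, NO_PORT_DEFAULT_80),
           effective_port(host, 443, NO_PORT_CONNECTION));
    return 0;
}
```

Only the connection-port policy makes a port-less host on a 443 connection resolve to 443; an explicit port in the string overrides every policy.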
