httpd-dev mailing list archives

From "Ryan Bloom" <...@covalent.net>
Subject RE: [Bug 9488] - HTTP/0.9 requests spoken on https port returns HTTP/1.0 response
Date Mon, 03 Jun 2002 23:28:47 GMT
> From: Ben Laurie [mailto:ben@algroup.co.uk]
> 
> Cliff Woolley wrote:
> > On Mon, 3 Jun 2002, Ryan Bloom wrote:
> >
> >
> >>I was actually just about to look at this problem if you are busy.
> >
> >
> > Go for it... I'm working on something else.
> 
> Perhaps it's just me, but I'm amused this is considered a bug.

It's a security hole IMO.  The problem is that if you rewrite the URL
.*, then the error URL that mod_ssl will be rewritten.  This means that
you can serve information over HTTP that was supposed to be restricted
to HTTPS.

Ryan


