httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: [Bug 9488] - HTTP/0.9 requests spoken on https port returns HTTP/1.0 response
Date Tue, 04 Jun 2002 10:15:21 GMT
Ryan Bloom wrote:
>>From: Ben Laurie []
>>Cliff Woolley wrote:
>>>On Mon, 3 Jun 2002, Ryan Bloom wrote:
>>>>I was actually just about to look at this problem if you are busy.
>>>Go for it... I'm working on something else.
>>Perhaps its just me, but I'm amused this is considered a bug.
> It's a security hole IMO.  The problem is that if you rewrite the URL
> .*, then the error URL that mod_ssl will be rewritten.  This means that
> you can serve information over HTTP that was supposed to be restricted
> to HTTPS.

Sorry, I don't understand this - seems like you missed a word or two out?




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

View raw message