httpd-dev mailing list archives

From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26
Date Wed, 03 Jul 2002 19:15:51 GMT
Not acked (by me, at least).  I can feel their pain..

-------- Original Message --------
Subject: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26
Date: Wed, 03 Jul 2002 12:49:26 -0600
From: Christopher Williamson <chrisw@dq.com>
To: martin@apache.org, support@apache.org, bugs@apache.org

I sent this a week ago directly to Martin and never got a response, can anyone
else please help?  If not, I will open a bug in BugZilla about it.

------- Forwarded Message

Forwarded: Tue, 25 Jun 2002 22:39:36 -0600
Forwarded: "jon,ben,roden "
Subject: URGENT: Bug/compatability issue in Apache 1.3.26
To: martin@apache.org
X-URL: http://www.dq.com/
Date: Tue, 25 Jun 2002 17:52:59 -0600
From: Christopher Williamson <chrisw>

I am writing in hopes that you can help us with an urgent problem we are 
having with a bug fix you put into Apache 1.3.26.  I have spent two days
tracking this down and am certain the issue is with your fix.

Due to an error in OUR online game code, we were incorrectly requesting
files using 'HTTP-1.0' instead of 'HTTP/1.0' on the GET request line.  As you
know, this is wrong.  However, surprisingly, this worked just fine for several
years with both Apache and other Web servers, presumably because the server 
just ignored it or defaulted to HTTP/1.0.  If you want to test, try our
down-level Apache server at lobby.dqsoft.com with GET /index.html HTTP-1.0
I am sure I am not the only one with this problem, as there are several 
socket tutorials and such that incorrectly say 'HTTP-1.0'.

However, as of 1.3.26 this GET request now results in a 400 Bad Request
and as a result, all of our current online games cannot retrieve the config
files causing numerous problems.

You would correctly argue that we should fix this on our end, which we already
have done.  However, the 'we are screwed' part is that the 50,000 some odd 
folks out there with our online games can no longer get news, updates, alerts,
etc. from our Web site using Apache.  To make matters worse, we can't simply 
redirect the files since the requests fail immediately, the only solution for
us is to switch to a M$ server or a down-level Apache build with the security
vulnerability for our entire domain!

In the short-term, I am convincing our Web hosts to move us to a down-level
server.  However, I would like to ask if you would please strongly consider
putting a 'fix' into the next Apache release to handle this incorrect format
in a backward-compatible fashion.  When the next update occurs, we can ask
our host to then upgrade us knowing that our old games will still work
without compromising our site's security or resorting to a competing server.

I thank you for your time and support of Apache.  If you need help or 
clarification, please don't hesitate to write back.  Even just a quick 
'we are looking into it' would help me rest easier.

Christopher Williamson
President, DreamQuest Software (http://dq.com/)
"Championship Spades is the first cross-platform wireless game!"

------- End of Forwarded Message
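
Added example (not part of the thread and not Apache's code): a request-line check that rejects the 'HTTP-1.0' token described in the forwarded message, plus an audit over constructed request lines showing which clients only a strict parser would turn away. The lenient mode models the sender's guess that older servers accepted the token; that behaviour, the function names and the sample lines are assumptions.

```python
import re

# Version token as the message says it must appear: "HTTP/<major>.<minor>".
STRICT = re.compile(r"HTTP/(\d+)\.(\d+)")
# Assumed lenient variant for comparison: any one non-alphanumeric separator.
LENIENT = re.compile(r"HTTP[^0-9A-Za-z](\d+)\.(\d+)")


def parse_request_line(line, strict=True):
    """Return (status, method, target, version); status is 200 or 400."""
    parts = line.rstrip("\r\n").split(" ")
    # Only full three-part request lines are handled in this sketch.
    if len(parts) != 3 or not all(parts):
        return (400, None, None, None)
    method, target, token = parts
    m = STRICT.fullmatch(token)
    if m is None and not strict:
        m = LENIENT.fullmatch(token)
    if m is None:
        return (400, None, None, None)
    return (200, method, target, (int(m.group(1)), int(m.group(2))))


def audit(lines):
    """Count request lines by how the strict and lenient modes treat them."""
    counts = {"accepted": 0, "rejected_by_strict_only": 0, "rejected_by_both": 0}
    for line in lines:
        if parse_request_line(line, strict=True)[0] == 200:
            counts["accepted"] += 1
        elif parse_request_line(line, strict=False)[0] == 200:
            counts["rejected_by_strict_only"] += 1
        else:
            counts["rejected_by_both"] += 1
    return counts


# Constructed sample request lines (not taken from any real log).
SAMPLES = [
    "GET /index.html HTTP/1.0\r\n",
    "GET /index.html HTTP-1.0\r\n",
    "GET /news.txt HTTP-1.0\r\n",
    "GET /index.html FTP/1.0\r\n",
    "GET /index.html\r\n",
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Running the audit over captured request lines before an upgrade shows how many deployed clients depend on the malformed token.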
