httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Burry <dbu...@tagnet.org>
Subject recent chunked encoding fix -vs- mod_proxy...
Date Wed, 10 Jul 2002 01:56:02 GMT
I have a situation where I have an external-facing apache server proxying to another apache
server inside a firewall.  I've updated the proxying one to Apache 1.3.26 so that it won't
get hacked due to the chunked encoding bug, but I'm not able to upgrade the other one behind
the firewall for quite some time (a few months since it's integrated with another product).
 I've been trying to figure out if I'm vulnerable externally or not in this situation.

It appears to me that I'm not, because it looks to me like the mod_proxy handler calls the
same core chunked reading functionality that the rest of Apache uses (i.e. from main/http_protocol.c)
and that appears to be where all the fixes were made.

However, I thought I'd run this by you good folks here since you're a lot more experienced
with the Apache code than I am (just 2 days for me so far)....

Dave


Mime
View raw message