httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Poirier <poir...@pobox.com>
Subject Re: Please vote - how to handle AllowEncodedSlashes
Date Wed, 26 Jan 2011 15:35:08 GMT
On 01/21/2011 01:20 PM, Dan Poirier wrote:
> Can we take an informal vote on how best to handle AllowEncodedSlashes?
>
> At present, AllowEncodedSlashes Off (the default) results in any request
> containing an encoded slash, %2F, being rejected with a 404.
>
> In 2.0 and trunk, AllowEncodedSlashes On allows the encoded slash, but
> does not decode it.  This keeps httpd from misinterpreting an encoded
> slash in a request as a path separator.  I believe this was always
> the intended behavior.
>
> In 2.2, AllowEncodedSlashes On allows the encoded slash, and decodes it.
> This has caused problems for multiple people (see bugzilla, e.g. PR
> 35256), but has been the behavior since 2.2.0 (introduced in
> 2.1.something, I believe unintentionally).

One correction for the record - 2.0 behaves like 2.2.  I doubt it's 
worth fixing, though.


Mime
View raw message