httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject post-CVE-2011-4317 (rewrite proxy unintended interpolation) rewrite PR's
Date Thu, 24 May 2012 15:12:01 GMT
There are a couple of PR's going around about people who were using
rewrite to operate on URL's now kicked out of mod_rewrite by default
(IIRC at least proxy:blah and CONNECT arg)

Should we just add a mod_rewrite directive or RewriteOption that opts
in to handling any URL and document the cautions in the directive?  I
don't mind doing that code and doc work to skip the new check to
unblock people before 2.2.23.  Please comment!

View raw message