httpd-dev mailing list archives

From Stefan Fritsch ...@sfritsch.de>
Subject Re: Rethinking "be liberal in what you accept"
Date Wed, 07 Nov 2012 13:30:07 GMT
On Wed, 7 Nov 2012, Nick Kew wrote:
>> What do you think?
>
> I've made occasional efforts in this direction in the past,
> but never seen much interest in bringing such functionality
> into core (as opposed to WAF).
>
> One such: http://people.apache.org/~niq/mod_taint.html

What you proposed there was broader in scope, using regular expressions 
allowing lots of flexibility and allowing it to be adjusted to your 
webapps. I really only want to interpret the RFCs more strictly, and do 
that fast.

Looking at mod_taint, I think it may be useful for 2.2. But in 2.4, quite 
a bit of it can be done with <If>:

<If "%{req:foo} !~ /^(\w)$/" >
   Require all denied
</If>
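
An added example, not part of the original message: the same 2.4 `<If>` approach applied to a header that clients may legitimately omit, plus a character allowlist on the query string. The header name X-Request-Id and both patterns are assumptions chosen for illustration; an absent header evaluates to an empty string, so the first rule tests for presence before matching.

```apache
# Constructed example for httpd 2.4; header name and patterns are assumptions.

# Deny only when the header is present AND malformed.
# Without the -n test, a request lacking the header would also be denied,
# because the empty string does not match a pattern requiring one or more characters.
<If "-n %{req:X-Request-Id} && %{req:X-Request-Id} !~ /^[\w-]+$/">
    Require all denied
</If>

# Deny query strings containing anything outside a conservative character set.
# The * quantifier lets an empty query string through.
<If "%{QUERY_STRING} !~ /^[\w.~%&=+-]*$/">
    Require all denied
</If>
```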
