httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Blacklisting HTTP_PROXY variable for CGIs?
Date Thu, 05 Feb 2015 14:33:49 GMT
Hi

On Sun, Feb 1, 2015 at 9:04 AM, Stefan Fritsch <sf@sfritsch.de> wrote:
> What do you think?

+1

> If you agree, how should the config directive be
> called? BlacklistEnv (on/off for now but maybe a list of vars in the
> future)?

Maybe a regexp?
That would also allow whitelisting with something like "^(?!whitelist)$".

Regards,
Yann.

Mime
View raw message