httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: HTTP/1.1 strict ruleset
Date Thu, 11 Aug 2016 20:40:10 GMT
On Thu, Aug 11, 2016 at 6:56 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
>
> I haven't dug terribly deeply into the proxy mechanics yet, but the same
> parser for headers is used for response header processing as well as the
> request processing.

They don't share the same code, though, ap_proxy_read_headers() would
need the same "strictification" than ap_get_mime_headers(_ex)()
currently, or be replaced by the latter.

> It seems that the two need some potentially different
> rulesets. If you are running a forward proxy, you would want to be quite
> strict about the responses. If you are only a gateway of trusted backend
> servers and apps, you might want to be more tolerant (although Roy and
> Jim may disagree with me on this.)

+1, behind 2.2 proxies (but possibly 2.4 too), there are some outdated
backends/applications (supporting SSLv3 only...) that don't receive
many (if any) maintenance but just work, and for that reason where
placed behing a proxy.

Mime
View raw message