httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: [franklin_tech_bulletins@yahoo.com: IBM AS/400 HTTP Server '/' attack]
Date Fri, 09 Nov 2001 11:10:32 GMT
john sachs wrote:
> 
> anyway, in doing so, i noticed that 1.3 serves the page
> as you'd expect.  in 2.0, you get 404.  which is "correct"?

404 is most definitely not correct.  Adding a '/', optionally
followed by more data, to the end of a mapped filename is
perfectly valid and defines the 'path-info'.  1.3 seems to be
correctly differentiating between the resource and its path-info;
2.0 is probably trying to treat the whole thing as a resource
and hence not finding it.

Code for a 200 return, and a response body that matches the
document's correctly-rendered (as opposed to raw) content.
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"All right everyone!  Step away from the glowing hamburger!"

Mime
View raw message