httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sternath, Elmar" <elmar.stern...@siemens.com>
Subject AW: [users@httpd] Special chars in third party module mod_getaccess
Date Mon, 08 Jan 2007 06:30:31 GMT
Hello Nick,

I defined an ssl error log in ssl.conf: 

ErrorLog J:/apache-nw2004s/logs/mobx-sievs001.de007.icn.siemens.de_error_ssl.log

In this file, I can find the error message.

The problem is that the GetAccess module does not accept URIs containing the '~' char, leading
to an HTTP Error 400. Why should it be a security problem to use URIs containing '~' chars??

Thanks,
Elmar
-----Urspr√ľngliche Nachricht-----
Von: Nick Kew [mailto:nick@webthing.com] 
Gesendet: Freitag, 5. Januar 2007 18:24
An: users@httpd.apache.org
Betreff: Re: [users@httpd] Special chars in third party module mod_getaccess

On Fri, 5 Jan 2007 16:44:40 +0100
"Sternath, Elmar" <elmar.sternath@siemens.com> wrote:

> Hello,
>  
> sorry for this slightly off-topic issue: the Entrust GetAccess module
> does not support certain special chars like '~':

What do you mean, "support"?  Where's that coming from?

> [Fri Jan 05 16:20:46 2007] [error] mod_getaccess::ga_check_access:
> Invalid URI:
> /webdynpro/resources/sap.com/tc~wd~dispwda/global/SSR/js/popup_ie6.js.
> '~' is NOT a valid char.
> 
> Has anyone experience with GetAccess to be able to provide a solution
> how to fix for this problem?

Not unless you tell us why it's a problem.  That looks like a
security feature to me.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message