httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Mearns <>
Subject Re: [users@httpd] Validating HTTP requests
Date Mon, 09 Mar 2009 12:51:24 GMT
On Mon, Mar 9, 2009 at 7:57 AM, Florent Georges <> wrote:
>  Hi,
>  I am looking for an HTTPD module.  I've made a few searches
> within the repository but didn't find anything.  So just in
> case I missed something...
>  I look for a tool to validate HTTP requests.  The perfect
> tool would install in the HTTP server and respond to HTTP
> requests with a validation report (as text, or XML, or HTML,
> or whatever.)  By validating, I mean validate the request
> against the HTTP grammar, checking that required info are
> there, that "\r\n" are used and not just "\n", checking that
> multipart requests are well-formed (Content-Length are
> corrects, so are boundaries, etc.,) the different headers,
> etc.
>  Do you know something corresponding (at least vaguely) to
> that description?  If you know any library that does that job
> (instead of an HTTPD module,) I am also interested, I can
> write a CGI script or anything else to plug it.
>  Regards,
> --
> Florent Georges

Sorry, don't know of anything in particular, but it seems to me that
Apache itself would necessarily be doing some amount of validation on
the in coming requests. I don't know how strict Apache is at enforcing
the HTTP spec; probably not terribly as it's usually desirable to be a
little lenient about what you accept (and strict about what you
produce). But generally speaking, if Apache doesn't recognize it as a
valid HTTP request, then it won't be able to process it. Not sure if
that gets filed somewhere, or what.


Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message