httpd-users mailing list archives

From Nick Kew <...@apache.org>
Subject Re: [users@httpd] apache 2.4 handling of subdomains with unallowed characters
Date Tue, 24 Jan 2017 06:01:18 GMT
On Mon, 2017-01-23 at 21:26 +0000, Darryl Philip Baker wrote:
> DNS doesn’t allow underscore in host and domain names so how a URL
> with an underscore would have ever worked is beyond me.

Yeah, but is it the webserver's role to enforce that?

Old answer: be liberal in what you accept.
New answer: enforce HTTP much more strictly to pre-empt the next
security alert based on smuggling something through.

In reply to the OP, HTTPProtocolOptions may be what you're
looking for, though I haven't verified it.

-- 
Nick Kew


