httpd-users mailing list archives

From Nick Kew
Subject Re: [users@httpd] apache 2.4 handling of subdomains with unallowed characters
Date Tue, 24 Jan 2017 06:01:18 GMT
On Mon, 2017-01-23 at 21:26 +0000, Darryl Philip Baker wrote:
> DNS doesn’t allow underscore in host and domain names so how a URL
> with an underscore would have ever worked is beyond me.

Yeah, but is it the webserver's role to enforce that?

Old answer: be liberal in what you accept.
New answer: enforce HTTP much more strictly to pre-empt the next
security alert based on smuggling something through.

In reply to the OP, HTTPProtocolOptions may be what you're
looking for, though I haven't verified it.

Nick Kew
