From: Hajo Locke
To: users@httpd.apache.org
Date: Tue, 24 Jan 2017 08:27:21 +0100
Subject: Re: [users@httpd] apache 2.4 handling of subdomains with unallowed characters

Hello,

On 24.01.2017 at 07:01, Nick Kew wrote:
> On Mon, 2017-01-23 at 21:26 +0000, Darryl Philip Baker wrote:
>> DNS doesn’t allow underscore in host and domain names so how a URL
>> with an underscore would have ever worked is beyond me.
> Yeah, but is it the webserver's role to enforce that?
>
> Old answer: be liberal in what you accept.
> New answer: enforce HTTP much more strictly to pre-empt the next
> security alert based on smuggling something through.
>
> In reply to the OP, HTTPProtocolOptions may be what you're
> looking for, though I haven't verified it.

Yes, HttpProtocolOptions is the option I was looking for, thanks. The invalid subdomain is working again.
I am aware of the dangers of setting this to unsafe. I will try to avoid this and eliminate these invalid hosts.

Thanks,
Hajo
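
Added example, not part of the original message and not httpd code: a small audit that lists the ServerName and ServerAlias entries whose labels break the DNS host-name rule mentioned in the thread, so such hosts can be renamed instead of keeping HttpProtocolOptions at Unsafe. The letters-digits-hyphen rule is used here as an assumption about what counts as invalid; the function names and the sample configuration are constructed for illustration.

```python
import re

# Assumed rule (RFC 952 / RFC 1123 host names): letters, digits and hyphens,
# no leading or trailing hyphen, at most 63 characters per label.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(.+?)\s*$", re.I)

# Constructed sample configuration, embedded so the example runs offline.
SAMPLE = """\
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias my_shop.example.com *.example.com
    # ServerAlias old_name.example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName http://-edge.example.org:8080
</VirtualHost>
"""

def normalise(name):
    """Strip the optional scheme, port and trailing dot from a ServerName."""
    name = name.split("://", 1)[-1]
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():
        name = host
    return name.rstrip(".")

def bad_labels(host):
    """Return the labels of host that break the assumed rule."""
    bad = []
    for label in host.split("."):
        # '*' and '?' are ServerAlias wildcards, not host-name characters.
        literal = label.replace("*", "").replace("?", "")
        if not label or (literal and not LABEL.fullmatch(literal)):
            bad.append(label)
    return bad

def audit(config_text):
    """Return (line, directive, host, bad labels) for each offending name."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # comment lines start with '#': no match
        if not m:
            continue
        for raw in m.group(2).split():
            host = normalise(raw)
            if not host.startswith("[") and bad_labels(host):  # skip IPv6
                findings.append((no, m.group(1), host, bad_labels(host)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```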