tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry Isaacs" <Larry.Isa...@sas.com>
Subject RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Date Thu, 06 Feb 2003 13:02:20 GMT


> -----Original Message-----
> From: Ignacio J. Ortega [mailto:nacho@siapi.es] 
> Sent: Thursday, February 06, 2003 4:51 AM
> To: 'Tomcat Developers List'
> Subject: RE: cvs commit: 
> jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
> 
> 
> Larry,
> 
> > 
> > Thanks.  The restored mod_jk behavior is the same as
> > Tomcat 3.3.x with <DecodeInterceptor ... safe="true"/>,
> > the default.  Unsafe escapes give 403's.  We can
> > add a similar option to mod_jk to turn off the checking.
> > Though, I can't image a situation where it would make
> > sense to accept the risks to gain access to these escapes.  
> 
> The problem is that i_r2.dll is spitting 403 on any URL that contains
> %2F, remeber fuilter do see ALL the request that pass for the IIS
> server, we are rejecting URL NOT for tomcat, like in /test%2Ftest.asp,
> this is the wrong behaviour the user seeing, and i think it's a little
> agressive, dont you? so this needs to be solved..
> 
> Saludos, 
> Ignacio J. Ortega 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message