Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 12144 invoked from network); 6 Feb 2003 13:02:31 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 6 Feb 2003 13:02:31 -0000 Received: (qmail 26336 invoked by uid 97); 6 Feb 2003 13:03:59 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@nagoya.betaversion.org Received: (qmail 26329 invoked from network); 6 Feb 2003 13:03:58 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 6 Feb 2003 13:03:58 -0000 Received: (qmail 11207 invoked by uid 500); 6 Feb 2003 13:02:21 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 11196 invoked from network); 6 Feb 2003 13:02:21 -0000 Received: from merc61.na.sas.com (149.173.6.14) by daedalus.apache.org with SMTP; 6 Feb 2003 13:02:21 -0000 Received: from merc17.na.sas.com ([10.16.13.34]) by merc61.na.sas.com with InterScan Messaging Security Suite for SMTP; Thu, 06 Feb 2003 08:02:21 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.0.6344.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Date: Thu, 6 Feb 2003 08:02:20 -0500 Message-ID: <8D966D6B75EB7F47AA300241BF2E1D0CFBA960@merc17.na.sas.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Thread-Index: AcLNxWW41G+pgyW3StyqaBm72wKsHgAGBLFQ From: "Larry Isaacs" To: "Tomcat Developers List" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N > -----Original Message----- > From: Ignacio J. Ortega [mailto:nacho@siapi.es]=20 > Sent: Thursday, February 06, 2003 4:51 AM > To: 'Tomcat Developers List' > Subject: RE: cvs commit:=20 > jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c >=20 >=20 > Larry, >=20 > >=20 > > Thanks. The restored mod_jk behavior is the same as > > Tomcat 3.3.x with , > > the default. Unsafe escapes give 403's. We can > > add a similar option to mod_jk to turn off the checking. > > Though, I can't image a situation where it would make > > sense to accept the risks to gain access to these escapes. =20 >=20 > The problem is that i_r2.dll is spitting 403 on any URL that contains > %2F, remeber fuilter do see ALL the request that pass for the IIS > server, we are rejecting URL NOT for tomcat, like in /test%2Ftest.asp, > this is the wrong behaviour the user seeing, and i think it's a little > agressive, dont you? so this needs to be solved.. >=20 > Saludos,=20 > Ignacio J. Ortega=20 >=20 >=20 --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org