Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 52711 invoked from network); 11 Apr 2008 11:00:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 11 Apr 2008 11:00:01 -0000 Received: (qmail 60068 invoked by uid 500); 11 Apr 2008 10:59:50 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 59958 invoked by uid 500); 11 Apr 2008 10:59:50 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 59943 invoked by uid 99); 11 Apr 2008 10:59:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Apr 2008 03:59:50 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of remy.maucherat@gmail.com designates 64.233.184.232 as permitted sender) Received: from [64.233.184.232] (HELO wr-out-0506.google.com) (64.233.184.232) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Apr 2008 10:59:08 +0000 Received: by wr-out-0506.google.com with SMTP id c46so765571wra.18 for ; Fri, 11 Apr 2008 03:59:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=8tEeU0cz3J+ODib76x18fxUr3QybPIGksHji2tIrMKM=; b=p9yl+C8EtwmAYQt8MFMzF4gFLjOIYjNnCNBM6yxIz041pLf0r0Yp3egLMxXZQp3HUVMnXjMnO2g6GTH/31a1poSD/dftBCy1IHCxpyYpUIxZfYEZyEc6Wgxv0pb17oWl4kFt9IqMptsw9Dy3TXGxVXLk31qwbA8K076hX7Yf9Do= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bX6pMptqx097GhyEPqN0jf1bNRiunPJnUC8keXjuuGMXdVCb65JytjCqjqNQV1ExGDuV6/na4z0ngLeH+B2ixaJX2ied7uPjAZDlkhISI70l5PyU2BANBZ/DiRaKzZXkEVJy1LQmbUeH1fUzyFD0dIdFT9JoZPs24Mig4/BDLj8= Received: by 10.114.170.2 with SMTP id s2mr2964902wae.163.1207911559329; Fri, 11 Apr 2008 03:59:19 -0700 (PDT) Received: by 10.114.108.5 with HTTP; Fri, 11 Apr 2008 03:59:19 -0700 (PDT) Message-ID: <6d959d480804110359y6698c3a7h83c50ff5a74eff6d@mail.gmail.com> Date: Fri, 11 Apr 2008 12:59:19 +0200 From: "=?ISO-8859-1?Q?R=E9my_Maucherat?=" To: "Tomcat Users List" Subject: Re: %3B in path-info In-Reply-To: <47FED24D.1070907@ptc.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <47FE3C84.40009@ptc.com> <47FE821F.1030400@ptc.com> <47FE8359.1060801@apache.org> <47FE8B7E.1050901@ptc.com> <47FE8DD1.3050207@apache.org> <47FE927D.6050406@ptc.com> <6d959d480804101548r70dc065cxc16541c54aefe931@mail.gmail.com> <47FEA9B9.6070101@kippdata.de> <6d959d480804101838k4dff376eoaa6bc78ac75c26ea@mail.gmail.com> <47FED24D.1070907@ptc.com> X-Virus-Checked: Checked by ClamAV on apache.org On Fri, Apr 11, 2008 at 4:51 AM, Jess Holle wrote: > Agreed -- but that draws me back to the need for an option (or default > behavior!) in mod_proxy_ajp wherein the URL passed to via AJP is not > decoded. The thing is that it is news to me that mod_proxy_ajp passes decoded URLs ;) I am pretty sure I was told when this security problem was originally found (and the mod_jk default was changed as a result) that this was not the case. R=E9my --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org