www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: mod_log-any/5747 (fwd)
Date Mon, 21 Feb 2000 18:50:03 GMT
The following reply was made to PR mod_log-any/5747; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Apache bugs database <apbugs@apache.org>
Cc:  
Subject: Re: mod_log-any/5747 (fwd)
Date: Mon, 21 Feb 2000 11:41:17 -0700 (MST)

 ---------- Forwarded message ----------
 Date: Sat, 12 Feb 2000 15:57:25 -0500 (EST)
 From: TTSG <ttsg@ttsg.com>
 To: Marc Slemko <marcs@znep.com>
 Subject: Re: mod_log-any/5747
 
 > 
 > Sorry, I think you had better look again.  The client doesn't send it,
 > period.  If it did sent it in some cases, then that would be a major
 > security hole and should be fixed in the client.  As it is, allowing this
 > to be specified in the URL is a security hole and should never have been
 > implemented by browsers.  The way it is implemented is a hack that only
 > partially works and has numerous problems.
 > 
 	From a Netscape server log :
 
 format=%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] "%Req->reqpb.clf-re
 uest%" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length% "%Req->headers.r
 ferer%" "%Req->headers.user-agent%"
 
 208.33.224.36 - - [12/Feb/2000:12:54:27 -0800] "GET /protected/news2.htm HTTP/1.
 0" 401 223 "http://furer:deg6@207.87.7.16/mea1x.htm" "Mozilla/4.03 [en] (Win95; 
 I)"
 
 
 			Tuc/TTSG
 

Mime
View raw message