www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Finch <...@dotat.at>
Subject Re: general/6551: Hostnames with underscore produce "Client sent malformed Host header"
Date Mon, 25 Sep 2000 22:48:58 GMT
Cott Lang <cott@internetstaff.com> wrote:
>
>I could understand this response of "must default to comply with the 
>standard" if the standard wasn't MORE restrictive for no practical purpose. 
>What exactly is the DOWNSIDE of this modification?   Apache worked like 
>this for how many YEARS?

The reason for the change was a security problem related to mass
virtual hostng configurations using mod_rewrite or mod_vhost_alias:
because the server didn't check the syntax of hostnames these
configurations could expose any file on the system to remote
attackers.

Tony.
-- 
en oeccget g mtcaa    f.a.n.finch
v spdlkishrhtewe y    dot@dotat.at
eatp o v eiti i d.    fanf@covalent.net

Mime
View raw message