On Mon, 2017-01-23 at 21:26 +0000, Darryl Philip Baker wrote: > DNS doesn’t allow underscore in host and domain names so how a URL > with an underscore would have ever worked is beyond me. Yeah, but is it the webserver's role to enforce that? Old answer: be liberal in what you accept. New answer: enforce HTTP much more strictly to pre-empt the next security alert based on smuggling something through. In reply to the OP, does HTTPProtocolOptions may be what you're looking for, though I haven't verified it. -- Nick Kew --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx