Re: apache 2.4 handling of subdomains with unallowed characters

Hello,

On 24.01.2017 at 07:01, Nick Kew wrote:
> On Mon, 2017-01-23 at 21:26 +0000, Darryl Philip Baker wrote:
>> DNS doesn’t allow underscore in host and domain names so how a URL
>> with an underscore would have ever worked is beyond me.
>
> Yeah, but is it the webserver's role to enforce that?
>
> Old answer: be liberal in what you accept.
> New answer: enforce HTTP much more strictly to pre-empt the next
> security alert based on smuggling something through.
>
> In reply to the OP, HTTPProtocolOptions may be what you're
> looking for, though I haven't verified it.

Yes, HttpProtocolOptions is the option I was looking for, thanks. The invalid subdomain is working again.
I am aware of the dangers of setting this to unsafe. I will try to avoid this and eliminate these invalid hosts.

Thanks,
Hajo
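
An added example, not part of the original thread: one way to find the host names that would need to be eliminated, by scanning Apache configuration text for `ServerName`/`ServerAlias` values that break the RFC 952/1123 letter-digit-hyphen rule and for `HttpProtocolOptions Unsafe` lines. The function names and the sample configuration are constructed for illustration, and using the RFC rule as a stand-in for what Apache's strict parsing rejects is an assumption.

```python
import re

# One hostname label per RFC 952/1123: letters, digits, hyphen;
# 1-63 characters; no leading or trailing hyphen. (Assumed rule, see lead-in.)
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def invalid_labels(host):
    """Return the labels of `host` that are not valid hostname labels."""
    labels = host.rstrip(".").split(".")
    # A leading "*" label is a ServerAlias wildcard, not a hostname defect.
    if labels[0] == "*":
        labels = labels[1:]
    return [label for label in labels if not LABEL.match(label)]

def audit_vhost_config(text):
    """Scan Apache config text and return (line_number, finding) tuples."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive in ("servername", "serveralias"):
            for arg in args:
                # ServerName may carry an optional scheme and port.
                host = re.sub(r"^[a-z]+://", "", arg, flags=re.I)
                host = re.sub(r":\d+$", "", host)
                bad = invalid_labels(host)
                if bad:
                    findings.append((no, f"{arg}: invalid label(s) {bad}"))
        elif directive == "httpprotocoloptions":
            if "unsafe" in (a.lower() for a in args):
                findings.append((no, "HttpProtocolOptions Unsafe is set"))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# constructed sample
HttpProtocolOptions Unsafe
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias my_shop.example.com *.example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName https://intranet.example.com:443
    ServerAlias -bad.example.com
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, finding in audit_vhost_config(SAMPLE):
        print(f"line {line_no}: {finding}")
```
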
