Re: CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 13, 2023 at 7:38 AM Thomas Åkesson
<thomas.akesson@xxxxxxxxxxxx> wrote:
>
>
> >>>> Try e.g. [R,B= ?,...]
> >>>>
> >>>> The question mark is to avoid the issue of not being able to have " "
> >>>> as the final character in this syntax.
> >>>
> >>
> >> Sorry, the above doesn't work. Someone reported in another thread: [R,B=\ ]
> >
> > The real trick seems to be quoting the entirety of the flags, then
> > finding any 2nd character to escape.
> > RewriteRule ... "[B= ?]"
>
> Thanks for pointing that out. Quoting the entirety of the flags works. Would be great to get that into the documentation.
>
> https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_b

There is now some text and an example there at the bottom. You may
need to shift-refresh to see it.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux