> > On Tue, 2005-03-08 at 13:17 +1300, Reuben Farrelly wrote: > > > I'll put a request in Fedora Core bugzilla, for the maintainer to > > upgrade the package to -STABLE9.. > > > > reuben > > Wow. thanks. > > So this is safe? Has anyone looked into the security aspects of very > badly implemented HTTP Headers (and their Servers)? > - Squid did,on recent releases and now offers the squid admin. various choices : # TAG: relaxed_header_parser on|off|warn # In the default "on" setting Squid accepts certain forms # of non-compliant HTTP messages where it is unambiguous # what the sending application intended even if the message # is not correctly formatted. The messages is then normalized # to the correct form when forwarded by Squid. # # If set to "warn" then a warning will be emitted in cache.log # each time such HTTP error is encountered. # # If set to "off" then such HTTP errors will cause the request # or response to be rejected. # M.
