https://bz.apache.org/bugzilla/show_bug.cgi?id=59886

--- Comment #2 from Christoph Anton Mitterer <cales...@scientia.net> ---
Well, AFAIU, you're anyway going to block at least the Proxy header in httpd
completely, now, aren't you?

1) Has anyone checked whether such naming collisions occur on other HTTP_*
names (which suexec would let pass all)?

2) Could it be that people use suexec (i.e. the binary) outside of Apache (e.g.
behind some other webserver) and would thus benefit from blocking the env_var
at that level as well?


Cheers,
Chris.
