Not acked (by me, at least). I can feel their pain.. -------- Original Message -------- Subject: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26 Date: Wed, 03 Jul 2002 12:49:26 -0600 From: Christopher Williamson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
I sent this a week ago directly to Martin and never got a response, can anyone else please help? If not, I will open a bug in BugZilla about it. ------- Forwarded Message Forwarded: Tue, 25 Jun 2002 22:39:36 -0600 Forwarded: "jon,ben,roden " Subject: URGENT: Bug/compatability issue in Apache 1.3.26 To: [EMAIL PROTECTED] X-URL: http://www.dq.com/ Date: Tue, 25 Jun 2002 17:52:59 -0600 From: Christopher Williamson <chrisw> I am writing in hopes that you can help us with an urgent problem we are having with a bug fix you put into Apache 1.3.26 I have spent two days tracking this down and am certain the issue is with your fix. Due to an error in OUR online game code, we were incorrectly requesting files using 'HTTP-1.0' instead of 'HTTP/1.0' on the GET request line. As you know, this is wrong. However, suprisingly, this worked just fine for several years with both Apache and other Web servers, presumably because the server just ignored it or defaulted to HTTP/1.0. If you want to test, try our down-level Apache server at lobby.dqsoft.com with GET /index.html HTTP-1.0 I am sure I am not the only one with this problem, as there are several socket tutorials and such that incorrectly say 'HTTP-1.0'. However, as of 1.3.26 this GET request now results in a 400 Bad Request and as a result, all of our current online games cannot retrieve the config files causing numerous problems. You would correctly argue that we should fix this on our end, which we already have done. However, the 'we are screwed' part is that the 50,000 some odd folks out there with our online games can no longer get news, updates, alerts, etc. from our Web site using Apache. To make matters worse, we cant simply redirect the files since the requests fail immediately, the only solution for us is to switch to a M$ server or a down-level Apache build with the security vulnerability for our entire domain! In the short-term, I am convincing our Web hosts to move us to a down-level server. However, I would like to ask if you would please strongly consider putting a 'fix' into the next Apache release to handle this incorrect format in a backward-compatible fashion. When the next update occurs, we can ask our host to then upgrade us knowing that our old games will still work without compromising our site's security or resorting to a competing server. I thank you for your time and support of Apache. If you need help or clarification, please dont hesitate to write back. Even just a quick 'we are looking into it' would help me rest easier. Christopher Williamson President, DreamQuest Software (http://dq.com/) "Championship Spades is the first cross-platform wireless game!" ------- End of Forwarded Message
