Hrm.... I would be prone to either removing this patch, or at least redoing it. As some of you may recall, I mentioned this area a little bit ago regarding our use and expectation of ANSI sscanf() here as well.
However, isn't what we are doing correct? It *is* an invalid protocol statement... I'd be willing to wrap this in a new directive, so we have both. Rodent of Unusual Size wrote: > > Not acked (by me, at least). I can feel their pain.. > > -------- Original Message -------- > Subject: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26 > Date: Wed, 03 Jul 2002 12:49:26 -0600 > From: Christopher Williamson <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] > > I sent this a week ago directly to Martin and never got a response, can anyone > else please help? If not, I will open a bug in BugZilla about it. > > ------- Forwarded Message > > Forwarded: Tue, 25 Jun 2002 22:39:36 -0600 > Forwarded: "jon,ben,roden " > Subject: URGENT: Bug/compatability issue in Apache 1.3.26 > To: [EMAIL PROTECTED] > X-URL: http://www.dq.com/ > Date: Tue, 25 Jun 2002 17:52:59 -0600 > From: Christopher Williamson <chrisw> > > I am writing in hopes that you can help us with an urgent problem we are > having with a bug fix you put into Apache 1.3.26 I have spent two days > tracking this down and am certain the issue is with your fix. > > Due to an error in OUR online game code, we were incorrectly requesting > files using 'HTTP-1.0' instead of 'HTTP/1.0' on the GET request line. As you > know, this is wrong. However, suprisingly, this worked just fine for several > years with both Apache and other Web servers, presumably because the server > just ignored it or defaulted to HTTP/1.0. If you want to test, try our > down-level Apache server at lobby.dqsoft.com with GET /index.html HTTP-1.0 > I am sure I am not the only one with this problem, as there are several > socket tutorials and such that incorrectly say 'HTTP-1.0'. > > However, as of 1.3.26 this GET request now results in a 400 Bad Request > and as a result, all of our current online games cannot retrieve the config > files causing numerous problems. > > You would correctly argue that we should fix this on our end, which we already > have done. However, the 'we are screwed' part is that the 50,000 some odd > folks out there with our online games can no longer get news, updates, alerts, > etc. from our Web site using Apache. To make matters worse, we cant simply > redirect the files since the requests fail immediately, the only solution for > us is to switch to a M$ server or a down-level Apache build with the security > vulnerability for our entire domain! > > In the short-term, I am convincing our Web hosts to move us to a down-level > server. However, I would like to ask if you would please strongly consider > putting a 'fix' into the next Apache release to handle this incorrect format > in a backward-compatible fashion. When the next update occurs, we can ask > our host to then upgrade us knowing that our old games will still work > without compromising our site's security or resorting to a competing server. > > I thank you for your time and support of Apache. If you need help or > clarification, please dont hesitate to write back. Even just a quick > 'we are looking into it' would help me rest easier. > > Christopher Williamson > President, DreamQuest Software (http://dq.com/) > "Championship Spades is the first cross-platform wireless game!" > > ------- End of Forwarded Message > -- =========================================================================== Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson
