On Mon, 08 Oct 2007 11:17:23 +0200 Ruediger Pluem <[EMAIL PROTECTED]> wrote:
> Please check that your patch does not fall into the traps I mentioned > in > > http://mail-archives.apache.org/mod_mbox/httpd-dev/200709.mbox/[EMAIL > PROTECTED] Yesterday's discovery that suddenly makes this look easy, is that we're talking about a canonicalisation happening in fixups, long after the security-sensitive parsing of incoming URLs. I'm currently concentrating on the forward proxy. The reverse proxy is different, and the code path in question is already slightly different for it. Testcasing that is the main remaining TBD. BTW, I should've added: a good forward proxy testcase is the URL posted by the reporter in PR#42592. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
