On Tuesday 12 October 2010 18:13:46 William A. Rowe Jr. wrote:
> On 10/12/2010 10:06 AM, Dirk-Willem van Gulik wrote:
> > On 12 Oct 2010, at 15:30, Malte S. Stretz wrote:
> >> I had a quick look at the Apache source and the solution was simple:
> >> Just drop headers which contain any character outside the range
> >> [a-zA-Z0-9-]. The patch against trunk is attached.
> >
> > This made me think of something we had a while ago; and after
> > checking the logs - big +1 from me!
>
> Agreed, with a caveat... we ought to be able to toggle this for the
> rare but significant legacy app that requires it... which implies a
> per-dir flag that can override just one CGI script out of an entire
> server.

I think an option is not needed as there is a workaround. E.g. to make an
Accept_Encoding header work:

    SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_header=$1
    RequestHeader set Accept-Encoding %{fix_header}e env=fix_header

(I had to use a regexp in SetEnvIf since for some reason comparing to an
invalid header doesn't work.)

Cheers,
Malte
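
The filter proposed in this thread, sketched as an added example (not part of the original message, the attached patch, or Apache's code). It shows why the check matters: with the usual CGI mapping, `Accept-Encoding` and `Accept_Encoding` would otherwise land in the same `HTTP_ACCEPT_ENCODING` variable. The helper name `header_to_env` and the sample header names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Only the characters named in the thread: [a-zA-Z0-9-]. */
static int allowed(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Hypothetical helper, not Apache's code: write the CGI variable name for
 * a header into buf, or return NULL if the header must be dropped. */
char *header_to_env(const char *name, char *buf, size_t buflen)
{
    size_t i, n = strlen(name);

    if (n == 0 || n + sizeof("HTTP_") > buflen)
        return NULL;
    memcpy(buf, "HTTP_", 5);
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!allowed(c))
            return NULL;              /* e.g. '_' or '.': drop the header */
        if (c == '-')
            c = '_';                  /* the usual CGI mapping */
        else if (c >= 'a' && c <= 'z')
            c = (unsigned char)(c - 'a' + 'A');
        buf[5 + i] = (char)c;
    }
    buf[5 + n] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample header names. */
    const char *names[] = { "Accept-Encoding", "Accept_Encoding", "Accept.Encoding" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        const char *env = header_to_env(names[i], buf, sizeof(buf));
        printf("%-16s -> %s\n", names[i], env ? env : "(dropped)");
    }
    return 0;
}
```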