On Wed, 7 Nov 2012, Nick Kew wrote:
What do you think?
I've made occasional efforts in this direction in the past,
but never seen much interest in bringing such functionality
into core (as opposed to WAF).
One such: http://people.apache.org/~niq/mod_taint.html
What you proposed there was broader in scope, using regular expressions
allowing lots of flexibility and allowing it to be adjusted to your
webapps. I really only want to interpret the RFCs more strictly, and do
that fast.
Looking at mod_taint, I think it may be useful for 2.2. But in 2.4, quite
a bit of it can be done with <If>:
<If "%{req:foo} !~ /^(\w)$/" >
Require all denied
</If>
