On Wed Jun 19 17:54:02 2002 +0400 Igor Sysoev wrote: >On 19 Jun 2002, Ilya Martynov wrote: > >> If you still do not know about it: >> >> http://httpd.apache.org/info/security_bulletin_20020617.txt >> >> Now mod_perl question. mod_perl servers often are used as backend >> servers. I.e. they are not accessed directly but they are accessed >> either via fronted Apache or via proxy (like squid or oops) in >> accelerated mode. As I understand advisory in this case backend >> mod_perl server is not vulnerable since attacker do not have direct >> access to it. >> >> Can anybody confirm it? > >If your backend is proxied via mod_proxy or mod_accel then backend is not >vulnerable because both modules do not accept client's chunked body at all. >I can not say anything about Squid and Oops. >
They have in the changelog for 1.3.26: * A large number of fixes in mod_proxy including: adding support for dechunking chunked responses, correcting a timeout problem <...> Does this change anything? I.e. backend is still safe? -- ☻ Ričardas Čepas ☺