Gordon Messmer, On Thursday January 23, 2003 08:43, Gordon Messmer wrote: > On Thu, 2003-01-23 at 14:48, Brian Ashe wrote: > > On Thursday January 23, 2003 04:46, Peter Kiem wrote: > > > Hi Gordon, > > > > > > > The status 200 may indicate that you're vulnerable to the problem > > > > they're testing for. What version of apache are you running? On > > > > what platform? Have you enabled proxying? > > > > > > That's what I am worried about. > > > > Don't worry (yet). The 200 response doesn't mean they've gotten through. > > > > Do this simple test... > > ... > > > If you get your normal index page, then all is well. > > Did you try your test? I've tried the CONNECT command against several > servers, and always get a 405 message. Apache should not (and in my > tests, does not) respond with a 200 code when you feed it the CONNECT > command. Sending back the index page is not the expected or defined > behavior, so I'm not sure why you'd expect that outcome.
Actually, it is. It depends on what your index file type is. If your index file type is .html then you will get the exact behaviour you speak of because HTML does not support any methods other then GET (unless you change HTML to be parsed by PHP or equivilent). However, if you use (for example) PHP and have index.php as the default page, it will accept the unusual method (if not prevented by "Limit" directives) but wind up processing it as a "GET /" in the end. This is because, it will be just like when a user doesn't put a trailing slash in the location bar, Apache will automatically redirect it to /. -- Brian Ashe CTO Dee-Web Software Services, LLC. [EMAIL PROTECTED] http://www.dee-web.com/ -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
