Forwarded message:
>
> +1 for the directive and default setting
>
> :)
>
> david
> - Original Message -
> From: "Jim Jagielski" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, July 04, 2002 3:55 PM
> Subject: Re:
Forwarded message:
>
> +1 for Directive in 1.3
> -0 for Revert to accepting HTTP-1.0 by default
> +1 for NOT Accepting HTTP-1.0 by default in 2.0.
> -0 for Directive in 2.0 to allow HTTP-1.0
>
> Sander
>
--
===
J
Forwarded message:
>
> On Thu, Jul 04, 2002 at 10:55:43AM -0400, Jim Jagielski wrote:
> > I agree that HTTP-1.1 is broken, but it is debatable whether we should
> > provide some sort of backwards compatibility. My thoughts are a
> > StrictProtocol directive that defaults to true but provides for
t;
> list-post: <mailto:[EMAIL PROTECTED]>
> Delivered-To: mailing list [EMAIL PROTECTED]
> From: Jim Jagielski <[EMAIL PROTECTED]>
> Message-Id: <[EMAIL PROTECTED]>
> Subject: Re: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26
> To: [EMAIL
Justin Erenkrantz wrote:
>
> On Thu, Jul 04, 2002 at 10:55:43AM -0400, Jim Jagielski wrote:
> > We should at least match 1.3 and 2.0's behavior. 2.0, as of the latest
> > CVS, still allows HTTP-1.1 (or whatever).
>
> Woo-hoo, guys. Threads and votes like this should be on dev@httpd.
No shit...
Rodent of Unusual Size wrote:
> To make matters worse, we cant simply
> redirect the files since the requests fail immediately, the only solution for
> us is to switch to a M$ server or a down-level Apache build with the security
> vulnerability for our entire domain!
A far easier fix is to sim
Aaron Bannert wrote:
>
> > Can't they offer a patch for their existing user base? I'm not
> > unsympathetic, but introducing these kind of hacks seems like it would
> > make the code grow more complicated with each change in server behavior.
>
> That might work in some cases, but if they are und
http://www.apache.org/dist/httpd/patches/ has patches for every released
version of Apache 1.2.x and 1.3.x
On Wed, 3 Jul 2002, Andrew Ho wrote:
> Hello,
>
> Is there a patch for earlier versions of Apache that fix the chunked
> Transfer-Encoding security hole, but nothing else? I know OpenBSD, f
Hello,
Is there a patch for earlier versions of Apache that fix the chunked
Transfer-Encoding security hole, but nothing else? I know OpenBSD, for
example, has an Apache 1.3.24 in ports that has the chunked
Transfer-Encoding fixed. That would certainly be a good short term
solution for this guy--
On Wed, 3 Jul 2002, Rodent of Unusual Size wrote:
>> Not acked (by me, at least). I can feel their pain..
..
> I am sure I am not the only one with this problem, as there are several
> socket tutorials and such that incorrectly say 'HTTP-1.0'.
Now he has a case - the above is true; I've corre
> > controlled/hosting environment, it is unlikely that their
> > hosts will allow unchecked patches to be applied to the server.
>
> Also, we rather violated the principle of 'be strict in what you
> send, liberal in what you accept.' We suddenly became 'strict in
> what you accept' without war
>
> Aaron Bannert wrote:
> >
> > On Wed, Jul 03, 2002 at 01:19:53PM -0600, Jerry Baker wrote:
> > >
> > > Can't they offer a patch for their existing user base? I'm not
> > > unsympathetic, but introducing these kind of hacks seems like it
> > > would make the code grow more complicated with
Aaron Bannert wrote:
>
> On Wed, Jul 03, 2002 at 01:19:53PM -0600, Jerry Baker wrote:
> >
> > Can't they offer a patch for their existing user base? I'm not
> > unsympathetic, but introducing these kind of hacks seems like it
> > would make the code grow more complicated with each change in
> > s
On Wed, Jul 03, 2002 at 01:19:53PM -0600, Jerry Baker wrote:
> > Same here, I'm sympathetic. I think that it might be beneficial to
> > introduce an "Enable old behavior for backward-compatibility" mode, for
> > just these occasions where we have altered the behaviour of the server
> > to be more
Aaron Bannert wrote:
>
> On Wed, Jul 03, 2002 at 03:15:51PM -0400, Rodent of Unusual Size wrote:
> > I can feel their pain..
>
> Same here, I'm sympathetic. I think that it might be beneficial to
> introduce an "Enable old behavior for backward-compatibility" mode, for
> just these occasions whe
On Wed, Jul 03, 2002 at 03:15:51PM -0400, Rodent of Unusual Size wrote:
> I can feel their pain..
Same here, I'm sympathetic. I think that it might be beneficial to
introduce an "Enable old behavior for backward-compatibility" mode, for
just these occasions where we have altered the behaviour of
Not acked (by me, at least). I can feel their pain..
Original Message
Subject: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26
Date: Wed, 03 Jul 2002 12:49:26 -0600
From: Christopher Williamson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED],
17 matches
Mail list logo