Hello
In the context of CVE-2008-2364 what is the meaning of interim responses ?
How can this affect apache ?
If you can help me ...
thanks
On Fri, 5 Sep 2008 11:07:25 +0100
"Armando Oliveira" <[EMAIL PROTECTED]> wrote:
> Hello
>
>
> In the context of CVE-2008-2364 what is the meaning of interim
> responses ? How can this affect apache ?
Section 10.1 of RFC2616.
--
Nick Kew
Application Devel
Hello again
Sorry for being such an annoying guy ...
The problem with interim responses is when the destinations server
sends to much responses to the client(possible causing to much memory
usage), right ?
thanks
On Fri, Sep 5, 2008 at 11:23 AM, Nick Kew <[EMAIL PROTECTED]> wrote:
>
RFC2616 mandates that a proxy MUST return interim (1xx)
responses to an HTTP/1.1 client, except where the proxy
itself requested the interim response. I'd interpret
that slightly liberally, to mean we MUST return an interim
response if the Client has asked for one.
Our proxy currently eats all 1x
RFC2616 tells us a proxy MUST forward interim (1xx) responses
to an HTTP/1.1 Client, except where the proxy itself requested
the response. Currently mod_proxy is just eating interim
responses. There's a history of problems here (PR#16518).
I've hacked up a simple patch, base
On Tue, Oct 02, 2007 at 01:12:08AM +0100, Nick Kew wrote:
> RFC2616 mandates that a proxy MUST return interim (1xx)
> responses to an HTTP/1.1 client, except where the proxy
> itself requested the interim response. I'd interpret
> that slightly liberally, to mean we MUST return an interim
> respon
On Thu, 4 Oct 2007 00:41:06 +0100
Nick Kew <[EMAIL PROTECTED]> wrote:
> Patch attached. Comments?
>
OK, slightly dumb patch. Correction is to write to
r->connection->output_filters, not bypass the whole chain!
/me heads for bed before doing more dumb things
--
Nick Kew
Application Developme
On 10/04/2007 01:41 AM, Nick Kew wrote:
> RFC2616 tells us a proxy MUST forward interim (1xx) responses
> to an HTTP/1.1 Client, except where the proxy itself requested
> the response. Currently mod_proxy is just eating interim
> responses. There's a history of proble
ling with the server itself responding to Expect.
It's Not Applicable to a 100 returned by a proxied backend
Nor an application module, which might want to use
ap_send_interim_response - e.g. to support Switching Protocols.
It's an edge-case, but RFC2616 seems fairly clear: we *can*
err o
On Thu, Oct 04, 2007 at 11:52:03AM +0100, Nick Kew wrote:
> On Thu, 04 Oct 2007 11:27:30 +0200
> Ruediger Pluem <[EMAIL PROTECTED]> wrote:
>
> > I think you should move it to http_filters.c. There are a bunch
> > of static functions that you can use for creating the header strings
> > and all this
10 matches
Mail list logo
