> -----Original Message----- > From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 06, 2003 4:51 AM > To: 'Tomcat Developers List' > Subject: RE: cvs commit: > jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c > > > Larry, > > > > > Thanks. The restored mod_jk behavior is the same as > > Tomcat 3.3.x with <DecodeInterceptor ... safe="true"/>, > > the default. Unsafe escapes give 403's. We can > > add a similar option to mod_jk to turn off the checking. > > Though, I can't image a situation where it would make > > sense to accept the risks to gain access to these escapes. > > The problem is that i_r2.dll is spitting 403 on any URL that contains > %2F, remeber fuilter do see ALL the request that pass for the IIS > server, we are rejecting URL NOT for tomcat, like in /test%2Ftest.asp, > this is the wrong behaviour the user seeing, and i think it's a little > agressive, dont you? so this needs to be solved.. > > Saludos, > Ignacio J. Ortega > >
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
