On 5 Feb 2013, at 14:29, Jakub Nieznalski wrote: > Hi, > > I've got problem that Apache accepts malformed URI, for example > localhost/?foo=bar% The percent sign makes that request unvalid, but Apache > will accept that. Nginx, or Unicorn will respond with 400.
That's a request for URL / , with parameters foo=bar% I'd guess nothing in your server is looking at the parameters. If it's a static page and there's no complex configuration that might be affected by parameters, why should the server waste its time? Note that if you request /foo=bar% you will indeed get a 400. > How can I achieve the same result? Is there any mod or rule that will tell > apache to return 400 for invalid request? If you want to protect some vulnerable application, a WAF. For a simpler solution to just the question, mod_taint. -- Nick Kew --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
