Hello,
Am 24.01.2017 um 07:01 schrieb Nick Kew:
On Mon, 2017-01-23 at 21:26 +0000, Darryl Philip Baker wrote:
DNS doesn’t allow underscore in host and domain names so how a URL
with an underscore would have ever worked is beyond me.
Yeah, but is it the webserver's role to enforce that?
Old answer: be liberal in what you accept.
New answer: enforce HTTP much more strictly to pre-empt the next
security alert based on smuggling something through.
In reply to the OP, does HTTPProtocolOptions may be what you're
looking for, though I haven't verified it.
yes, |HttpProtocolOptions is the option i was looking for, Thanks. The
invalid subdomain is working again.
I am aware of dangers by setting this to unsafe. I will try to avoid
this und eliminate this invalid hosts.
Thanks,
Hajo
|
