On Fri, Apr 11, 2008 at 4:51 AM, Jess Holle <[EMAIL PROTECTED]> wrote: > Agreed -- but that draws me back to the need for an option (or default > behavior!) in mod_proxy_ajp wherein the URL passed to via AJP is not > decoded.
The thing is that it is news to me that mod_proxy_ajp passes decoded URLs ;) I am pretty sure I was told when this security problem was originally found (and the mod_jk default was changed as a result) that this was not the case. Rémy --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]