https://bz.apache.org/bugzilla/show_bug.cgi?id=68907
Bug ID: 68907
Summary: replace ap_trust_cgilike_cl with a validating CL
filter
Product: Apache httpd-2
Version: 2.4.59
Hardware: PC
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: covener@gmail.com
Target Milestone: ---
Instead of the current ban on Content-Length from CGI-like modules, we could
let these headers through and validate the length in some core filter, making
sure a short or long response results in a terminated connection.
This would replace the whitelisting via ap_trust_cgilike_cl
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
Bug ID: 68907
Summary: replace ap_trust_cgilike_cl with a validating CL
filter
Product: Apache httpd-2
Version: 2.4.59
Hardware: PC
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: covener@gmail.com
Target Milestone: ---
Instead of the current ban on Content-Length from CGI-like modules, we could
let these headers through and validate the length in some core filter, making
sure a short or long response results in a terminated connection.
This would replace the whitelisting via ap_trust_cgilike_cl
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org