On 6/24/20 1:27 PM, Eric Covener wrote: >> >> ProxyMappingDecoded is not needed anymore (and was removed). >> The mapping= tells mod_proxy at which stage ([pre_]translate) it >> should map the request path. > +1 > Getting back to an old topic. Shouldn't we have a directive similar to AllowEncodedSlashes that allows us to block URI's that contain URL fragments like /.; and /..; in order to avoid that someone plays silly games that bypass Location settings and RewriteRules that might be used with a servlet engine in the backend? Happy to have that set to a default that allows /.; and /..;. Regards RĂ¼diger
- Re: hardening mod_write and mod_proxy... Yann Ylavic
- Re: hardening mod_write and mod_proxy... jean-frederic clere
- Re: hardening mod_write and mod_proxy... Yann Ylavic
- Re: hardening mod_write and mod_proxy... jean-frederic clere
- Re: hardening mod_write and mod_proxy... Eric Covener
- Re: hardening mod_write and mod_proxy... Yann Ylavic
- Re: hardening mod_write and mod_proxy... jean-frederic clere
- Re: hardening mod_write and mod_proxy... Yann Ylavic
- Re: hardening mod_write and mod_proxy... Yann Ylavic
- Re: hardening mod_write and mod_proxy... Eric Covener
- Re: hardening mod_write and mod_proxy... Ruediger Pluem
- Re: hardening mod_write and mod_proxy... Eric Covener
- Re: hardening mod_write and mod_proxy... Yann Ylavic
- Re: hardening mod_write and mod_proxy... Ruediger Pluem
- Re: hardening mod_write and mod_proxy... William A Rowe Jr
- Re: hardening mod_write and mod_proxy... jean-frederic clere
- Re: hardening mod_write and mod_proxy like mod_jk... Ruediger Pluem
- Re: hardening mod_write and mod_proxy like mod_jk with... Mark Thomas