On 8/16/23 1:32 PM, Eric Covener wrote:
>>> So a few questions:
>>>
>>> - Is it reasonable as a standalone additional HTTPProtocolOption to
>>> decide the behavior?
>>> - Thoughts on behavior change in 2.4.x?
>>> - 400 as a status code?
>>>
>>>
> > So a few questions:
> >
> > - Is it reasonable as a standalone additional HTTPProtocolOption to
> > decide the behavior?
> > - Thoughts on behavior change in 2.4.x?
> > - 400 as a status code?
> >
> > https://httpwg.org/specs/rfc9112.html#rfc.section.6.1.p.15
> >
> > A server MAY reject a
On 8/2/23 1:29 PM, Eric Covener wrote:
> Hi, at $bigco I am seeing more and more scanners reporting HTTP
> request smuggling but the byte stream is really just two pipelined
> requests. They are costly to debunk.
I guess I just miss the point, but how is the above related to the lower?
>
>