[In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
Synopsis: Sending loads of /'s in a request can eventually bring system to crawl. Comment-Added-By: coar Comment-Added-When: Tue Dec 30 09:01:25 PST 1997 Comment-Added: We are looking into this to verify the exact issue and formulate the correct solution. Your proposed solution is not correct; under no circumstances should a Web server make such a blanket assumption about what is intended. If the request complies with the relevant RFCs and is syntactically correct, it must be permitted to pass. What about a server-side script that uses multiple slashes as delimiters in either the PATH_INFO or the URL argument, such as <http://host/script/path-info/a////b?&c=1&d=/////>? That's a perfectly valid URL and no server has any business complaining about it. As you can see, determining the right way to deal with this is not as simple as it may appear. Release-Changed-From-To: 1.2.x (1.2.4 has hole)-1.2.x Release-Changed-By: coar Release-Changed-When: Tue Dec 30 09:01:25 PST 1997
