>Number: 3022 >Category: protocol >Synopsis: HTTP/1.1 : No HEader, if apache get's an invalid request as >second >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Sep 17 06:40:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.1 >Environment: Does not matter - verified with many unix version, and also many old apache version. >Description: printf "GET / HTTP/1.1\r\nHost: dungeon.inka.de\r\n\r\n\0GET / HTTP/1.1\r\nHost: dungeon.inka.de\r\n\r\n" |socket localhost 80 |less not the \0 before the second request - the is invalid. apache gives back an 501 Not implemented (that's ok), but it doesn't give a HTTP/1.1 501 Header, but starts directly with <!DOCTYPE ...
>How-To-Repeat: the shell command above gives it (printf is a bash function, socket a common found tool to pipe stdin/out via tcp/ip to some daemon. >Fix: send a HTTP/1.1 501 ... header with all the usual stuff (Date: Server: etc.) >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
