DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=39746>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39746 ------- Additional Comments From [EMAIL PROTECTED] 2007-09-08 02:42 ------- If you expect to get a security hole when reverting the patch then you have to redesign the encoding/decondig process of mod_proxy. When you define a double decoding as an error, I can only define an encoding from %2F to %252F as an error. So it will be better when you investigate the encoding behaviour of mod_proxy so that an apache switch (maybe AllowEncodedSlashes) will allow the module to read over %2F or just any special sequences. Another solution may be a mod_rewrite rule that will fill in escape characters before any char that you don't want mod_proxy to change. mod_proxy could afterwards eleminate the escape chars leaving the char behind untouched. Best regards. Markus -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
