https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
--- Comment #13 from Gordon <[email protected]> --- Created attachment 28843 --> https://issues.apache.org/bugzilla/attachment.cgi?id=28843&action=edit Patch v2 for CVE-2011-4317 effecting only rewriterule proxy Had another little play, and this patch is another approach by extending ACTION_ to include ACTION_FORBIDDEN. Less parameters and cleaner, but only if you dont mind ACTION being extended in this way. Added it into .htaccess too. Again, I have been unable to test to see if this actually does block the CVE issue, but I cannot see any reason why it wouldnt deal with the issue. Maybe someone can check and amend as necessary? I am not a mod_rewrite.c expert so this patch could have side-effects, but it seems ok and works for me. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
