[Bug 60863] New: Apache proxy 2.4.25 can disable header check (Set-Cookie)

bugzilla Tue, 14 Mar 2017 03:37:23 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=60863


            Bug ID: 60863
           Summary: Apache proxy 2.4.25 can disable header check
                    (Set-Cookie)
           Product: Apache httpd-2
           Version: 2.4.25
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Using Apache proxy.

Since Apache Proxy 2.4.25 control Headers some sites became unreachable due to
incorrect Cookie syntax.

I have to return to previous 2.4.20

The error is related to \x01 invalid character :

AH02430: Response header 'Set-Cookie' value of '___utmvaXEuDsBI=UxE\x01hXDj;
path=/; Max-Age=900' contains invalid characters, aborting request

The following url (most of them operated by incapdns.net return this error)

http://www.cision.com
23gwg.x.incapdns.net.
107.154.115.114

http://academie-air-espace.com
185.11.125.199
149.126.77.65

http://www.defense.gouv.fr
yookd.x.incapdns.net.
107.154.115.47

http://www.bizjournals.com
ddc7y.x.incapdns.net.
107.154.115.27

http://correlatedsolutions.com
107.154.105.8
107.154.106.8

The Directive
ProxyBadHeader          Ignore

do not solve theses issues.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 60863] New: Apache proxy 2.4.25 can disable header check (Set-Cookie)

Reply via email to