Package: apache2 Version: 2.4.65-2 Severity: normal
Hey. I've had noticed that you've introduced the setting of AllowCONNECT 0 per default,... and further that upstream doesn't document that as disabling CONNECT, as it's used by Debian. It simply works because nothing has port 0 (not sure whether one could do some local packet mangling to get something to use port 0). So I've opened a ticket: https://bz.apache.org/bugzilla/show_bug.cgi?id=69879 asking whether this could be made offcial by documenting it. Response was howver rather that they would prefer some patch that introduces a `none` keyword. In particular it shall be noted, that some earlier upstream feature request already tried to get the behaviour of 0 being the wildcard and thus alowing *any* ports (but wasn't merged). So this is primarily a heads up, that the current behaviour of 0 is rather just an implementation detail and not really guaranteed. Cheers, Chris.
