On 6/27/05, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
> At 12:20 PM 6/27/2005, Jeff Trawick wrote:
> >On 6/27/05, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
> >
> >> My goal is to tag and roll 2.0 by Friday for release early next
> >> week, unless the fixes are ready sooner. There is a list of
> >> already-accepted patches in status, if anyone wants to pick some
> >> low hanging fruit for 2.0.
> >
> >I have a tested proxy smuggling patch for 2.0 which I'll upload to
> >people.apache.org and add to STATUS. It is somewhere amidst the 2.1.5
> >or 2.1.6 messages.
>
> Thanks! The patch raised another question for me. We have the
> downgrade-1.0 and nokeepalive switches to force the CLIENT connection
> to skip any spoofing attack.
>
> But since 2.0/2.1 mod_proxy now uses keepalives for real, do we have
> any similar choice for administrators to 'work around' potentially
> broken back ends?
proxy_http.c: if ( apr_table_get(r->subprocess_env,"proxy-nokeepalive")) {
