On Wed, Aug 17, 2016 at 12:24 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> On Aug 16, 2016 4:39 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote:
>> > -AP_INIT_ITERATE("HttpProtocol", set_http_protocol, NULL, RSRC_CONF,
>> > - "'min=0.9' (default) or 'min=1.0' to allow/deny HTTP/0.9;
>> > "
>> > - "'liberal', 'strict', 'strict,log-only'"),
>> > +AP_INIT_ITERATE("EnforceHttpProtocol", set_enforce_http_protocol, NULL,
>> > RSRC_CONF,
>> > + "'Allow0.9' or 'Require1.0' (default) to allow or deny
>> > HTTP/0.9; "
>> > + "'Unsafe' or 'Strict' (default) to process incorrect
>> > requests"),
>>
>> The original min= was naturally mutually exclusive, and the original
>> <option>= looks more extensible (to me)...
>
> It appeared that both exclusivity tests were borked because the value was
> first set, ergo the old bit was unset, and then a meaningless test occurred
> (doh).
>
> Allow0.9 or Require1.0 is more readily apparent in perusing someone else's
> config files. We have too many uses of generic (and case sensitive? Ick)
> keywords that makes it harder to spot misconfiguration. Do you really want
> to grep for the token and the directive name, or an arbitrary search for
> min= which has a number of contextual meanings?
Fair enough.
>
>> Also, since this directive will mainly be used to relax HTTP protocol
>> (wrt RFC 7230) for compatibility reasons, EnforceHttpProtocol may not
>> be appropriate.
>>
>> How about HttpProtocolPolicy [Strict|Unsafe] min=[0.9|1.0|1.1] ?
>
> I'm open to suggestions, what about HTTPProtocolOptions (option list)?
Works for me too.
Thanks,
Yann.
