> On 14 Jun 2017, at 22:12, William A Rowe Jr <[email protected]> wrote: > > > Thoughts/comments? Patches to hold for before we roll? If I don't hear > otherwise, and we stick to the simpler alternative, then I'd plan to roll > these candidates Thursday.
Would it be an option to get a fix in for the single-character header bug? ( https://bz.apache.org/bugzilla/show_bug.cgi?id=61220 <https://bz.apache.org/bugzilla/show_bug.cgi?id=61220> ) If you add HttpProtocolOptions Unsafe LenientMethods Allow0.9 to a default httpd.conf single character header lines are rejected with a 400 code. macmini:httpd-2.2.33 mark$ telnet localhost 8033 Trying ::1... Connected to localhost. Escape character is '^]'. GET / HTTP/1.1 Host: foobar x: 0 HTTP/1.1 400 Bad Request Date: Sun, 25 Jun 2017 21:43:53 GMT Server: Apache/2.2.33 (Unix) Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> </body></html> Connection closed by foreign host.
