Hello! On Mon, Sep 26, 2022 at 11:16:05PM +0200, Dipl. Ing. Sergey Brester via nginx-devel wrote:
> below is a patch to fix a weakness by logging of broken header by > incorrect proxy protocol. > > If some service (IDS/IPS) analyzing or monitoring log-file, regularly > formatted lines may be simply confused with lines written not escaped > directly from buffer supplied from foreign source. > Not to mention it may open a certain vector allowing "injection" of user > input in order to avoid detection of failures or even to simulate > malicious traffic from legitimate service. https://trac.nginx.org/nginx/ticket/191 -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
