[Bug 58001] Implement Forwarded header (RFC 7239) to mod_proxy_http
https://bz.apache.org/bugzilla/show_bug.cgi?id=58001 Christian Schmidt changed: What|Removed |Added Keywords||PatchAvailable -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 58001] Implement Forwarded header (RFC 7239) to mod_proxy_http
https://bz.apache.org/bugzilla/show_bug.cgi?id=58001 --- Comment #3 from Christian Schmidt --- AFAICT the Host header is already sanitized. All my attempts to inject invalid characters in this header result in a "400 Bad Request" response. However, I am new to Apache development, so I'd appreciate any guidance on how to deal with this issue, i.e. which validation functions to use etc. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 58001] Implement Forwarded header (RFC 7239) to mod_proxy_http
https://bz.apache.org/bugzilla/show_bug.cgi?id=58001 --- Comment #2 from b...@univention.de --- Cool! This looks good. Except that the content of the "Host" header is not escaped, which could raise security threats if the request Host header contains chars like "; 3635 host_param = apr_pstrcat(r->pool, "; host=\"", host, "\"", NULL); -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 58001] Implement Forwarded header (RFC 7239) to mod_proxy_http
https://bz.apache.org/bugzilla/show_bug.cgi?id=58001 --- Comment #1 from Christian Schmidt --- Created attachment 35207 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35207&action=edit Add Forwarded header This patch adds the Forwarded header in the same manor as X-Forwarded-*. I added a new configuration variable, ProxyAddForwardedHeader, in addition to ProxyAddHeaders that controls the X-Forwarded-* headers. The default is Off in order to stay conservative, but I don't know what the general policy about such things is in this project. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 58001] Implement Forwarded header (RFC 7239) to mod_proxy_http
https://bz.apache.org/bugzilla/show_bug.cgi?id=58001 Christian Schmidt changed: What|Removed |Added CC||bz.apache@chsc.dk -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org