On Wed, 15 Aug 2001, Bill Barker wrote: > Personally, I agree with Justin and Costin that mod_jk should be able to use > the uri field. > > Having said that, I'd like to point out that the mod_jk.c in j-t-c is > flat-out broken. It doesn't handle the case where the '?' itself is > encoded. Since this case is part of a currently popular attack on IIS, it > will show up. Interesting finding. However tomcat decoder should be able to do so - if it doesn't we must fix it. Can you check against 3.3beta1 ? As a note, IMHO it is perfectly legal to have an encoded '?' in the URI, and the behavior should be: the '?' will be decoded _after_ the URI is separated from query string, and it's used as part of the file name. AFAIK there is no reason a file ( or pathInfo ) can't have the '?' char inside, and the URI spec allow that. ( of course, paranoia may force us to remove this kind of behavior ). Costin
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix cmanolache
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Justin Erenkrantz
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix David Rees
- RE: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Keith Wannamaker
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix David Rees
- RE: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Keith Wannamaker
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Justin Erenkrantz
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix cmanolache
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Bill Barker
- Fw: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix cmanolache
- Fw: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Bill Barker
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix David Rees
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix cmanolache
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix cmanolache
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Bill Barker
- Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix Bill Barker
- RE: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix GOMEZ Henri