> Thanks.  The restored mod_jk behavior is the same as
> Tomcat 3.3.x with <DecodeInterceptor ... safe="true"/>,
> the default.  Unsafe escapes give 403's.  We can
> add a similar option to mod_jk to turn off the checking.
> Though, I can't image a situation where it would make
> sense to accept the risks to gain access to these escapes.  

The problem is that i_r2.dll is spitting 403 on any URL that contains
%2F, remeber fuilter do see ALL the request that pass for the IIS
server, we are rejecting URL NOT for tomcat, like in /test%2Ftest.asp,
this is the wrong behaviour the user seeing, and i think it's a little
agressive, dont you? so this needs to be solved..

Ignacio J. Ortega 

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to