Re: why does latest jessie apache2 reject _ in http request path?
- Date: Wed, 8 Mar 2017 11:34:54 +0200
- From: Juha Heinanen <jh@xxxxxxxxxx>
- Subject: Re: why does latest jessie apache2 reject _ in http request path?
> Note the underscored parts. You are talking about (path) segments.
> Underscore is fine there. Problem is host and domain names, and 3986 is
> pretty deliberately handwavy there (3.2.2 host). Apart from IP addresses
> it refers to good ol' DNS (1123, 952. Ah, Those folks knew how to write
> RFCs ;-), which *doesn't* include underscore (but dash). But then it
> goes on to say that you can locally do what you want with the host part
> anyway, and that it hasn't to be tied to the DNS (even percent-encode
> it, yikes).
Thanks for your answer. The request below works over TLS in apache2
2.4.10-10+deb8u7, but fails in 2.4.10-10+deb8u8 unless I turn on
There is crlf after each line and there are no tabs.
I can't figure out what is wrong with it.
T 2017/03/08 11:28:05.427711 127.0.0.1:49612 -> 127.0.0.1:80 [AP]
POST /manager/xml-rpc-server.php HTTP/1.1.