[lug] New attack?

Andrew R. Diederich diederic at boulder.net
Mon Jul 8 09:19:44 MDT 2002


It's a bug.  Here's from Apache Week issue 301:

     One of the changes included in Apache 1.3.26 has caused a few
     surprises as parsing of the HTTP request line in Apache has become
     stricter; now rejecting some illegal requests which earlier
     versions accepted. Any client applications which were generating
     illegal request lines and getting away with it will find that when
     talking to Apache 1.3.26 a 400 Illegal Request error response will
     be returned. An example of an illegal request line would be to
     include an unescaped space character in the URI. Consensus on the
     list was that the code should be reverted to the previous
     behaviour, following the IETF maxim: "be liberal in what you
     accept".

Hope this helps.

--
Andrew

On Mon, 8 Jul 2002, Rob Nagler wrote:

> I saw this yesterday and today:
> 
> [Mon Jul  8 07:11:42 2002] [error] [client 200.24.106.34] Client sent malformed Host header
> 
> I'm in the midst of upgrading our production machines to apache 1.3.26
> (and RH7.2).  I'm not seeing the above message on the production
> machines.
> 
> Thanks,
> Rob
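The stricter request-line parsing described in the Apache Week excerpt above, shown as an added example that is not part of the original thread and is not Apache's code. The function names, the lenient variant and the sample request lines are constructed assumptions for illustration; the client-side fix uses the standard `urllib.parse.quote`.

```python
import re
from urllib.parse import quote

# Added illustration only; hypothetical helpers, not Apache source code.
METHOD = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # HTTP token characters
VERSION = re.compile(r"^HTTP/\d+\.\d+$")


def parse_strict(line):
    """Accept only METHOD SP URI SP VERSION; None means '400'."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3:                      # an unescaped space adds a 4th part
        return None
    method, uri, version = parts
    if not METHOD.match(method) or not uri or not VERSION.match(version):
        return None
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in uri):  # tabs, controls
        return None
    return method, uri, version


def parse_lenient(line):
    """One possible liberal parser: first word is the method, last word the
    version, and everything in between (spaces included) is the URI."""
    method, _, rest = line.rstrip("\r\n").partition(" ")
    uri, _, version = rest.rpartition(" ")
    if not METHOD.match(method) or not uri or not VERSION.match(version):
        return None
    return method, uri, version


def status(parser, line):
    """Map a parse result to the response code a server would send."""
    return 200 if parser(line) else 400


def build_request_line(method, path, version="HTTP/1.0"):
    """Client-side fix: percent-encode the path so the line is always legal."""
    return f"{method} {quote(path, safe='/')} {version}"


if __name__ == "__main__":
    # Constructed sample request lines.
    for sample in ("GET /index.html HTTP/1.0",
                   "GET /my file.html HTTP/1.0",
                   build_request_line("GET", "/my file.html")):
        print(f"{sample!r}: strict={status(parse_strict, sample)} "
              f"lenient={status(parse_lenient, sample)}")
```

A client that starts receiving 400 responses after the server upgrade is better fixed by encoding its URIs, as in `build_request_line`, than by relying on the server to accept the illegal form.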