www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geff <g...@pier64.com>
Subject Re: Reproducable apache 1.3.26 /modproxy issue viewing www.kbb.com
Date Tue, 13 Aug 2002 16:10:19 GMT
Zvi and all,

	I have mixed thoughts about the whole thing.  There are two sides to
the story.

	1. mod_proxy is RFC compliant - So why break apache to accommodate M$'s
lack of ability to read and implement a standard that was published in
June 1999?  Yesterday I was talking to an MCS consultant and he said,
"well that standard is so old!"  I responded with, "yeah .. three years
and MS still hasn't had time to read it." :)  I was laughing, he wasn't.
:)

	2. There are a LOT of IIS servers on the Internet - So until EVERY ONE
of them is patched this will be a problem for folks using apache as a
proxy/cache.  I was considering reworking the previous patch (yours and
mine, very similar) to incorporate *ALL* of the entity-headers in
section 7.1 to insulate against contamination via IIS servers into the
apache proxy.  Unfortunately, as I previously stated, there are a *TON*
(tm) of IIS servers on the Internet.  Until they are *ALL* patched,
assuming such a patch exists or is created, we are all at risk.  I
really consider this type of patch to be a defensive patch for
mod_proxy, more than anything else.

	Thoughts?

	I'd like to thank Graham for sending me down the path to solution.

Geff



Mime
View raw message