Вопрос про секурити апача через nginx

Pavel Sokolov artdesign at mail.ru
Tue Nov 15 02:32:50 MSK 2005

А через nginx это к апачу придёт?


SECURITY: core: If a request contains both Transfer-Encoding and
 Content-Length headers, remove the Content-Length, mitigating some
 HTTP Request Splitting/Spoofing attacks.  This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content-Length
purported value.  [Paul Querna, Joe Orton]

Pavel Sokolov

More information about the nginx-ru mailing list