Вопрос про секурити апача через nginx

Pavel Sokolov artdesign at mail.ru
Tue Nov 15 02:32:50 MSK 2005


А через nginx это к апачу придёт?

http://www.apache.org/dist/httpd/CHANGES_1.3

SECURITY: core: If a request contains both Transfer-Encoding and
 Content-Length headers, remove the Content-Length, mitigating some
 HTTP Request Splitting/Spoofing attacks.  This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content-Length
purported value.  [Paul Querna, Joe Orton]

--
Pavel Sokolov
http://crea70r.photosight.ru







More information about the nginx-ru mailing list