Вопрос про секурити апача через nginx
Pavel Sokolov
artdesign at mail.ru
Tue Nov 15 02:32:50 MSK 2005
А через nginx это к апачу придёт?
http://www.apache.org/dist/httpd/CHANGES_1.3
SECURITY: core: If a request contains both Transfer-Encoding and
Content-Length headers, remove the Content-Length, mitigating some
HTTP Request Splitting/Spoofing attacks. This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content-Length
purported value. [Paul Querna, Joe Orton]
--
Pavel Sokolov
http://crea70r.photosight.ru
More information about the nginx-ru
mailing list