HTTP request smuggling
mdounin at mdounin.ru
Wed Jun 30 19:17:32 UTC 2021
On Wed, Jun 30, 2021 at 07:03:57PM +0200, Hans Middelhoek wrote:
> Thanks! That makes sense to me. I like to understand things a little
> better and hope you can help with that:
> 1) Why is the result different when I disable keepalive in Nginx? After
> disabling keepalive the second request isn't executed anymore.
Because multiple requests in the same connection only work with
keepalive. As long as keepalive is disabled, only the first
request in the connection is processed. To make additional
requests the client has to open additional connections.
> 2) Do you know why Apache responds the same as Nginx with
> keepalive disabled?
Because keepalive is disabled on the Apache server you are testing
against? As long as keepalive is enabled, the same requests work
perfectly with Apache and return two responses as they should.
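
The behaviour described in the reply above, as an added example that is not part of the original message and is not nginx or Apache code: a simplified model of a server's per-connection loop, fed two requests on one connection. The function names, the `keepalive` flag and the sample requests are assumptions made for illustration.

```python
# Simplified model of a server's per-connection loop (not nginx or Apache code).

def parse_request(buf: bytes):
    """Return (request_line, headers, remaining_bytes), or None if incomplete."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # The body is framed by Content-Length; no header means no body.
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        return None
    return lines[0], headers, rest[length:]


def serve_connection(data: bytes, keepalive: bool):
    """Return the request lines the server would answer on one connection."""
    answered = []
    buf = data
    while buf:
        parsed = parse_request(buf)
        if parsed is None:
            break
        request_line, headers, buf = parsed
        answered.append(request_line)
        client_close = headers.get("connection", "").lower() == "close"
        if not keepalive or client_close:
            break  # connection is closed; leftover bytes are never parsed
    return answered


# Constructed sample: two requests sent back to back on one connection.
TWO_REQUESTS = (
    b"POST /first HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nabc"
    b"GET /second HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

if __name__ == "__main__":
    print("keepalive on: ", serve_connection(TWO_REQUESTS, keepalive=True))
    print("keepalive off:", serve_connection(TWO_REQUESTS, keepalive=False))
```

When comparing two servers' responses to the same byte stream, first confirm both have keepalive enabled; otherwise a missing second response only reflects the connection being closed after the first request.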