On 10/5/06, Ed Sawicki <[EMAIL PROTECTED]> wrote:
If I set AllowEncodedSlashs On, the request still results in a
404 message because of the other obfuscated characters. I'll
try Apache version 2.2 later. As I said earlier, I'm happy that
Apache behaves this way but I'd like to know why Apache/PH
Joshua Slive wrote:
On 10/5/06, Ed Sawicki <[EMAIL PROTECTED]> wrote:
I see that Apache 2.0 does not convert an obfuscated URL
into its canonical form. For example, with this URL:
http://www.example.com/url/hack
I see the Web page and the access log shows this:
10-05 07:41 "GET /url/hack HTTP
On 10/5/06, Ed Sawicki <[EMAIL PROTECTED]> wrote:
I see that Apache 2.0 does not convert an obfuscated URL
into its canonical form. For example, with this URL:
http://www.example.com/url/hack
I see the Web page and the access log shows this:
10-05 07:41 "GET /url/hack HTTP/1.1" 200
With this
I see that Apache 2.0 does not convert an obfuscated URL
into its canonical form. For example, with this URL:
http://www.example.com/url/hack
I see the Web page and the access log shows this:
10-05 07:41 "GET /url/hack HTTP/1.1" 200
With this obfuscated URL:
http://www.example.com/%75%72%6C%
