From: William A. Rowe Jr Date: Mon, 29 Aug 2016 17:33:04 +0000 (+0000) Subject: Regenerate X-Git-Tag: 2.5.0-alpha~1183 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=74a5f93a855ae16c600b8837aaf4c8793a44041d;p=thirdparty%2Fapache%2Fhttpd.git Regenerate git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758267 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en index 7068a63c70f..d6c611fd65a 100644 --- a/docs/manual/mod/core.html.en +++ b/docs/manual/mod/core.html.en @@ -2031,10 +2031,8 @@ media type in the HTTP Content-Type header field - + [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0] + @@ -2055,9 +2053,13 @@ LenientMethods Allow0.9 which did not conform to the protocol. RFC 7230 §9.4 Request Splitting and §9.5 Response Smuggling call out only two of the potential - risks of accepting non-conformant request messages. As of the introduction - of this directive, all grammer rules of the specification are enforced in - the default Strict operating mode.

+ risks of accepting non-conformant request messages, while + RFC 7230 §3.5 "Message Parsing Robustness" identify the + risks of accepting obscure whitespace and request message formatting. + As of the introduction of this directive, all grammer rules of the + specification are enforced in the default Strict operating + mode, and the strict whitespace suggested by section 3.5 is enforced + and cannot be relaxed.

RFC 3986 §2.2 and 2.3 define "Reserved Characters" and "Unreserved Characters". All other character octets are required to @@ -2066,20 +2068,9 @@ LenientMethods Allow0.9 containing invalid characters. This rule can be relaxed with the UnsafeURI option to support badly written user-agents.

-

RFC 7230 §3.5 "Message Parsing Robustness" permits, and - identifies potential risks of parsing messages containing non-space - character whitespace. While the spec defines that exactly one space - seperates the URI from the method, and the protocol from the URI, and - only space and horizontal tab characters are allowed in request header - field contents, the Apache HTTP Server was traditionally lenient in - accepting other whitespace. The default StrictWhitespace - option will now reject non-conforming requests. The administrator may - toggle the UnsafeWhitespace option to continue to honor - non-conforming requests, with considerable risk of proxy interactions.

- -

Users are strongly cautioned against toggling the Unsafe, - UnsafeURI or UnsafeWhitespace modes of operation - particularly on outward-facing, publicly accessible server deployments. +

Users are strongly cautioned against toggling the Unsafe + or UnsafeURI modes of operation, particularly on + outward-facing, publicly accessible server deployments. If an interface is required for faulty monitoring or other custom service consumers running on an intranet, users should toggle only those Unsafe options which are necessary, and only on a specific virtual host configured diff --git a/docs/manual/mod/core.xml.de b/docs/manual/mod/core.xml.de index 7242049638c..0df52d649a4 100644 --- a/docs/manual/mod/core.xml.de +++ b/docs/manual/mod/core.xml.de @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/mod/core.xml.ja b/docs/manual/mod/core.xml.ja index b98b9626f72..028381caae0 100644 --- a/docs/manual/mod/core.xml.ja +++ b/docs/manual/mod/core.xml.ja @@ -1,7 +1,7 @@ - + +

Description:Modify restrictions on HTTP Request Messages
Syntax:HttpProtocolOptions [Strict|Unsafe] [StrictURL|UnsafeURL] - [StrictWhitespace|UnsafeWhitespace] [RegisteredMethods|LenientMethods] - [Allow0.9|Require1.0]
Default:HttpProtocolOptions Strict StrictURL StrictWhitespace -LenientMethods Allow0.9
Default:HttpProtocolOptions Strict StrictURL LenientMethods Allow0.9
Context:server config, virtual host
Status:Core
Module:core
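Review bot: In the @@ -2031,10 +2031,8 @@ hunk, the Syntax and Default rows drop [StrictWhitespace|UnsafeWhitespace] without saying what happens to an existing configuration that still names either keyword. Add a compatibility sentence to the directive text stating how those keywords are now handled, so an administrator who had set UnsafeWhitespace learns from this page that strict whitespace parsing is now unconditional.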
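Review bot: In the @@ -2055,9 +2053,13 @@ hunk, the added sentence has a subject-verb disagreement: 'RFC 7230 §3.5 "Message Parsing Robustness" identify the risks' should read "identifies". The misspelling "grammer rules" is also carried over from the removed text into the added text and should be "grammar rules". Given the subject line "Regenerate", core.html.en looks like generated output, so both corrections belong in the source it is built from, followed by another regenerate, rather than in this file directly.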
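Review bot: In the @@ -2066,20 +2068,9 @@ hunk, the rewritten caution paragraph ("toggling the Unsafe or UnsafeURI modes of operation") and the context paragraph above it ("relaxed with the UnsafeURI option") spell the option UnsafeURI, while the Syntax row for the same directive lists [StrictURL|UnsafeURL]. Settle on the one spelling the directive actually accepts and use it in both the prose and the Syntax and Default rows, so a reader can copy the keyword from either place.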