Summary: | Handling proxy backends sending RST | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Ville Sulko <ville.sulko> |
Component: | mod_proxy_http | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 2.2.3 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Ville Sulko
2010-06-08 09:59:50 UTC
If the response isn't handled, the back end is in violation of the spec. Accepting serious spec violations is addressed in the Watchfire request smuggling report http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf and providing the behavior you describe would make request injection much simpler. Closing as invalid and won't change. |