Applications Quirks

The following HTTP back-end applications and front-end user agents are known to be incompatible with Apache HTTP Server's implementation of HTTP/1.1 or h2. In many cases the configuration option <code>HttpProtocolOptions Unsafe</code> will work around these defective applications, at the cost of enabling malicious cache poisoning behavior for all content on the configured server.

Until neatly formatted, this is simply a list of the bug reports. Editorial assistance is welcome.

Trailing whitespace after HTTP/1.1 token in HTTP request line;
https://unix.stackexchange.com/questions/340013/why-am-i-getting-400-bad-request

Invalid whitespace in X-RHN-Auth-User-Id header of Red Hat Satellite 5/Spacewalk prior to version 2.7;
https://access.redhat.com/articles/3013361
https://bugzilla.redhat.com/show_bug.cgi?id=1442477

JBoss mod_cluster invalid IPv6 Host: header addressing (Missing square bracket delimiters);
https://issues.jboss.org/browse/JBCS-345?_sscc=t

Multiple examples, principally on Windows - underscore within Host: header server names not permitted (example);
https://alvinbunk.wordpress.com/2017/08/16/client-sent-http1-1-request-without-hostname/
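
When a client starts receiving 400 responses, a captured request head can be checked against the quirks listed above to identify the defective sender before considering <code>HttpProtocolOptions Unsafe</code>. The following is an added example, not code from Apache HTTP Server and not a reimplementation of its parser. The function name, labels and sample requests are constructed for illustration, and the header check covers only whitespace in or after a field name, since the list does not say which form the Satellite header took.

```python
import re

# RFC 7230 "token" characters, used for methods and header field names.
TOKEN = rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
REQUEST_LINE = re.compile(rb"^" + TOKEN + rb" \S+ HTTP/\d\.\d$")


def find_quirks(raw: bytes) -> list[str]:
    """Label the quirks from the list above found in one raw request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    found = []
    # Quirk 1: request line is valid except for whitespace after the version.
    trimmed = lines[0].rstrip(b" \t")
    if trimmed != lines[0] and REQUEST_LINE.match(trimmed):
        found.append("trailing whitespace after HTTP version")
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        # Quirk 2 (one form only): whitespace inside or after the field name.
        if b" " in name or b"\t" in name:
            found.append("whitespace in or after header field name")
        if name.strip(b" \t").lower() != b"host":
            continue
        host = value.strip(b" \t")
        if host.startswith(b"["):
            continue  # bracketed IPv6 literal, e.g. [2001:db8::1]:8080
        # Quirk 3: more than one colon means an IPv6 address without brackets.
        if host.count(b":") > 1:
            found.append("IPv6 Host without square brackets")
        # Quirk 4: underscore in the server name (port, if any, ignored).
        elif b"_" in host.partition(b":")[0]:
            found.append("underscore in Host name")
    return found


# Constructed sample requests (not captured traffic), one per quirk plus a clean one.
SAMPLES = {
    "version": b"GET / HTTP/1.1 \r\nHost: example.test\r\n\r\n",
    "header": b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Constructed-Id : 7\r\n\r\n",
    "ipv6": b"GET / HTTP/1.1\r\nHost: 2001:db8::1:8080\r\n\r\n",
    "underscore": b"GET / HTTP/1.1\r\nHost: app_server.example.test:8080\r\n\r\n",
    "clean": b"GET / HTTP/1.1\r\nHost: [2001:db8::1]:8080\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, find_quirks(raw))
```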
