Applications Quirks

The following HTTP protocol back-end applications or front-end user agents are known to be incompatible with Apache HTTP Server's protocol implementation of HTTP/1.1 or h2, in many cases the configuration option <code>HttpProtocolOptions Unsafe</code> will work around these defective applications, at a cost of enabling malicious cache poisoning behavior for all content on the configured server.

Until neatly formatted, it is simply a list of the bug reports. Editorial assistance is welcome;

Trailing whitespace after HTTP/1.1 token in HTTP request line;

Invalid whitespace in X-RHN-Auth-User-Id header of RedHat Satellite 5/Spacewalk prior to version 2.7;

JBoss mod_cluster invalid IPv6 Host: header addressing (Missing square bracket delimiters);

Multiple examples, principally on Windows - underscore within Host: header server names not permitted (example);

Applications (last edited 2017-09-13 20:30:54 by wrowe)