From owner-freebsd-hackers Thu Jun 20 23:32:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from jive.SoftHome.net (jive.SoftHome.net [66.54.152.27]) by hub.freebsd.org (Postfix) with SMTP id 6B0DA37B412 for ; Thu, 20 Jun 2002 23:32:09 -0700 (PDT) Received: (qmail 17543 invoked by uid 417); 21 Jun 2002 06:31:38 -0000 Received: from shunt-smtp-out-0 (HELO softhome.net) (172.16.3.12) by shunt-smtp-out-0 with SMTP; 21 Jun 2002 06:31:38 -0000 Received: from unknown ([216.194.2.179]) (AUTH: LOGIN yid@softhome.net) by softhome.net with esmtp; Fri, 21 Jun 2002 00:31:36 -0600 Date: Fri, 21 Jun 2002 02:29:30 -0400 From: Joshua Lee To: Terry Lambert Cc: root@utility.clubscholarship.com, freebsd-hackers@freebsd.org Subject: Re: inuring FreeBSD to the apache bug without upgrading apache ? Message-Id: <20020621022930.088904b7.yid@softhome.net> In-Reply-To: <3D129688.356A87D0@mindspring.com> References: <20020620141424.U68572-100000@utility.clubscholarship.com> <3D129688.356A87D0@mindspring.com> Organization: Plan B Software Labs X-Mailer: Sylpheed version 0.7.5claws (GTK+ 1.2.10; i386-portbld-freebsd4.6) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 20 Jun 2002 19:59:20 -0700 Terry Lambert wrote: > Patrick Thomas wrote: > > Is it possible to patch/recompile FreeBSD 4.5 in such a way that your > > system is no longer vulnerable to the "chunking" attack, even if you are > > still running a vulnerable apache ? Why not upgrade Apache...?? Both the 1 and 2 series have been updated I think. (I'm a newbie at server stuff, so bear with me if I made a faux pas.) > The way you would deal with this would be to tell Apache that it > was an HTTP 1.0 server, since chunking is an HTTP 1.1 feature. > > The only place this is an issue is if you need to reuse an HTTP > connection, and that only occurs in HTTP 1.1 when you are doing > pipelining. Everywhere else, you can indicate an end of data Mozilla has an option to enable http pipelining as a performance option. I regularly used this, maybe I shouldn't? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message