From owner-freebsd-hackers  Thu Jun 20 23:32:16 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from jive.SoftHome.net (jive.SoftHome.net [66.54.152.27])
	by hub.freebsd.org (Postfix) with SMTP id 6B0DA37B412
	for <freebsd-hackers@freebsd.org>; Thu, 20 Jun 2002 23:32:09 -0700 (PDT)
Received: (qmail 17543 invoked by uid 417); 21 Jun 2002 06:31:38 -0000
Received: from shunt-smtp-out-0 (HELO softhome.net) (172.16.3.12)
  by shunt-smtp-out-0 with SMTP; 21 Jun 2002 06:31:38 -0000
Received: from unknown ([216.194.2.179])
  (AUTH: LOGIN yid@softhome.net)
  by softhome.net with esmtp; Fri, 21 Jun 2002 00:31:36 -0600
Date: Fri, 21 Jun 2002 02:29:30 -0400
From: Joshua Lee <yid@softhome.net>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: root@utility.clubscholarship.com, freebsd-hackers@freebsd.org
Subject: Re: inuring FreeBSD to the apache bug without upgrading apache ?
Message-Id: <20020621022930.088904b7.yid@softhome.net>
In-Reply-To: <3D129688.356A87D0@mindspring.com>
References: <20020620141424.U68572-100000@utility.clubscholarship.com>
	<3D129688.356A87D0@mindspring.com>
Organization: Plan B Software Labs
X-Mailer: Sylpheed version 0.7.5claws (GTK+ 1.2.10; i386-portbld-freebsd4.6)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Thu, 20 Jun 2002 19:59:20 -0700
Terry Lambert <tlambert2@mindspring.com> wrote:

> Patrick Thomas wrote:
> > Is it possible to patch/recompile FreeBSD 4.5 in such a way that your
> > system is no longer vulnerable to the "chunking" attack, even if you are
> > still running a vulnerable apache ?

Why not upgrade Apache...?? Both the 1 and 2 series have been updated I think. (I'm a newbie at server stuff, so bear with me if I made a faux pas.)

> The way you would deal with this would be to tell Apache that it
> was an HTTP 1.0 server, since chunking is an HTTP 1.1 feature.
> 
> The only place this is an issue is if you need to reuse an HTTP
> connection, and that only occurs in HTTP 1.1 when you are doing
> pipelining.  Everywhere else, you can indicate an end of data

Mozilla has an option to enable http pipelining as a performance option. I regularly used this, maybe I shouldn't?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message