Date: Fri, 21 Jun 2002 10:38:21 +0200
From: Bernd Walter
To: Joshua Lee
Cc: Terry Lambert, root@utility.clubscholarship.com, freebsd-hackers@FreeBSD.ORG
Subject: Re: inuring FreeBSD to the apache bug without upgrading apache ?
Message-ID: <20020621083821.GG31943@cicely5.cicely.de>

On Fri, Jun 21, 2002 at 02:29:30AM -0400, Joshua Lee wrote:
> On Thu, 20 Jun 2002 19:59:20 -0700
> Terry Lambert wrote:
>
> > Patrick Thomas wrote:
> > > Is it possible to patch/recompile FreeBSD 4.5 in such a way that your
> > > system is no longer vulnerable to the "chunking" attack, even if you are
> > > still running a vulnerable apache ?
>
> Why not upgrade Apache...?? Both the 1 and 2 series have been updated I
> think. (I'm a newbie at server stuff, so bear with me if I made a faux
> pas.)

The apache13+ipv6 port has not, because the last ipv6 patchset is
available for 1.13.22.

> > The way you would deal with this would be to tell Apache that it
> > was an HTTP 1.0 server, since chunking is an HTTP 1.1 feature.
> >
> > The only place this is an issue is if you need to reuse an HTTP
> > connection, and that only occurs in HTTP 1.1 when you are doing
> > pipelining. Everywhere else, you can indicate an end of data
>
> Mozilla has an option to enable http pipelining as a performance option.
> I regularly used this, maybe I shouldn't?

It should fall back.

--
B.Walter              COSMO-Project         http://www.cosmo-project.de
ticso@cicely.de       Usergroup             info@cosmo-project.de