<p>Starting with version 2.4, Apache is more strict about how HTTP
- headers are converted to environment variables in <code class="module"><a href="./mod/mod_cgi .html">mod_cgi
+ headers are converted to environment variables in <code class="module"><a href="./mod/mod_cgi.html">mod_cgi
</a></code> and other modules: Previously any invalid characters
in header names were simply translated to underscores. This allowed
for some potential cross-site-scripting attacks via header injection
Unusual Web Bugs</a>, slide 19/20).</p>
<p>If you have to support a client which sends broken headers and
- which can't be fixed, a simple workaround involving <code class="module"><a href="./mod/mod_setenvif .html">mod_setenvif
+ which can't be fixed, a simple workaround involving <code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif
</a></code> and <code class="module"><a href="./mod/mod_headers.html">mod_headers</a></code> allows you to still accept
these headers:</p>
code, but is not compiled by default. It can be built with
the server by passing the option <code>--enable-rewrite[=shared]</code>
to the configure command. Many binary distributions of
- Apache come with <code class="module"><a href="../mod/mod_rewrite .html">mod_rewrite </a></code> included. The following is an
+ Apache come with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite </a></code> included. The following is an
example of an Apache virtual host that takes advantage of
pre-rendered blog pages:
</p>
projects / apache / commitdiff