</directivesynopsis>
<directivesynopsis>
-<name>EnforceHTTPProtocol</name>
+<name>HTTPProtocolOptions</name>
<description>Modify restrictions on HTTP Request Messages</description>
-<syntax>EnforceHTTPProtocol [Strict|Unsafe] [Allow0.9|Require1.0]</syntax>
-<default>EnforceHTTPProtocol Strict Allow0.9</default>
+<syntax>HTTPProtocolOptions [Strict|Unsafe] [Allow0.9|Require1.0]</syntax>
+<default>HTTPProtocolOptions Strict Allow0.9</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
<compatibility>2.2.32 or 2.4.24 and later</compatibility>
>§9.5 Response Smuggling</a> call out only two of the potential
risks of accepting non-conformant request messages. As of the introduction
of this directive, all grammer rules of the specification are enforced in
- the <code>Strict</code> operating mode.</p>
+ the default <code>Strict</code> operating mode.</p>
<p>Users are strongly cautioned against toggling the <code>Unsafe</code>
mode of operation for these reasons, most especially on outward-facing,
publicly accessible server deployments. Reviewing the messages within the
- <directive>ErrorLog</directive> in the <code>info</code>
- <directive>LogLevel</directive> or below can help identify such faulty
- requests, along with their origin. Users should pay particular attention
- to any 400 responses in the access log for indiciations that these requests
- are being correctly rejected.</p>
+ <directive>ErrorLog</directive>, configured with
+ <directive>LogLevel</directive> <code>info</code> level or below,
+ can help identify such faulty requests along with their origin.
+ Users should pay particular attention to any 400 responses in the access
+ log for indiciations that valid requests are unexpectedly rejected.</p>
<p><a href="https://tools.ietf.org/html/rfc2616#section-19.6"
>RFC 2616 §19.6</a> "Compatibility With Previous Versions" had
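Review bot: "indiciations" in the added sentence ("...in the access log for indiciations that valid requests are unexpectedly rejected") is a typo carried over from the removed line and should read "indications". The unchanged context line above also has "grammer rules", which could be corrected to "grammar" in the same pass. The rewrite also changes the advice: the old text told readers to confirm that faulty requests "are being correctly rejected", while the new text tells them to look for valid requests being rejected. If both checks are wanted, say both.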
been removed" and offers additional comments in
<a href="https://tools.ietf.org/html/rfc7230#appendix-A"
>RFC 2616 Appendix A</a>. The <code>Require1.0</code> option allows
- the user to remove support of the <code>Allow0.9</code> default option's
+ the user to remove support of the default <code>Allow0.9</code> option's
behavior.</p>
</usage>
</directivesynopsis>
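Review bot: the link on the unchanged lines just above the edit points at https://tools.ietf.org/html/rfc7230#appendix-A, but its text reads "RFC 2616 Appendix A". The label should say RFC 7230 to match the target. This paragraph is already being touched, so the fix fits in this change.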
return NULL;
}
-static const char *set_enforce_http_protocol(cmd_parms *cmd, void *dummy,
+static const char *set_http_protocol_options(cmd_parms *cmd, void *dummy,
const char *arg)
{
core_server_config *conf =
conf->http_conformance |= AP_HTTP_CONFORMANCE_UNSAFE;
}
else {
- return "EnforceHttpProtocol accepts 'Allow0.9' (default), 'Require1.0',"
+ return "HttpProtocolOptions accepts 'Allow0.9' (default), 'Require1.0',"
" 'Unsafe', or 'Strict' (default)";
}
if ((conf->http09_enable & AP_HTTP09_ENABLE) &&
(conf->http09_enable & AP_HTTP09_DISABLE)) {
- return "EnforceHttpProtocol 'Allow0.9' and 'Require1.0'"
+ return "HttpProtocolOptions 'Allow0.9' and 'Require1.0'"
" are mutually exclusive";
}
if ((conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT) &&
(conf->http_conformance & AP_HTTP_CONFORMANCE_UNSAFE)) {
- return "EnforceHttpProtocol 'Strict' and 'Unsafe'"
+ return "HttpProtocolOptions 'Strict' and 'Unsafe'"
" are mutually exclusive";
}
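Review bot: the three error strings spell the directive "HttpProtocolOptions", while the documentation part of this patch names it "HTTPProtocolOptions" in its name, syntax and default lines. Use one spelling in both places, so that an administrator who copies the name from a startup error into a documentation search finds the directive.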
"'on' (default), 'off' or 'extended' to trace request body content"),
AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF,
"merge request trailers into request headers or not"),
-AP_INIT_ITERATE("EnforceHttpProtocol", set_enforce_http_protocol, NULL, RSRC_CONF,
+AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CONF,
"'Allow0.9' or 'Require1.0' (default) to allow or deny HTTP/0.9; "
"'Unsafe' or 'Strict' (default) to process incorrect requests"),
AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
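Review bot: the help text on the "HttpProtocolOptions" entry marks 'Require1.0' as the default ("'Allow0.9' or 'Require1.0' (default) to allow or deny HTTP/0.9"), but the documented default is "HTTPProtocolOptions Strict Allow0.9" and the parser's own error string says "'Allow0.9' (default)". Move "(default)" to 'Allow0.9' here. The second half, "'Unsafe' or 'Strict' (default) to process incorrect requests", also reads as if both options process incorrect requests. Wording such as "to process or reject incorrect requests", in the same option order, would match the first half.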