From 74a5f93a855ae16c600b8837aaf4c8793a44041d Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Mon, 29 Aug 2016 17:33:04 +0000 Subject: [PATCH] Regenerate git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758267 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/core.html.en | 33 ++++++++++---------------- docs/manual/mod/core.xml.de | 2 +- docs/manual/mod/core.xml.es | 2 +- docs/manual/mod/core.xml.fr | 2 +- docs/manual/mod/core.xml.ja | 2 +- docs/manual/mod/core.xml.meta | 2 +- docs/manual/mod/core.xml.tr | 2 +- docs/manual/mod/quickreference.html.en | 3 +-- 8 files changed, 19 insertions(+), 29 deletions(-) diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en index 7068a63c70..d6c611fd65 100644 --- a/docs/manual/mod/core.html.en +++ b/docs/manual/mod/core.html.en @@ -2031,10 +2031,8 @@ media type in the HTTP Content-Type header field - + [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0] + @@ -2055,9 +2053,13 @@ LenientMethods Allow0.9 which did not conform to the protocol. RFC 7230 §9.4 Request Splitting and §9.5 Response Smuggling call out only two of the potential - risks of accepting non-conformant request messages. As of the introduction - of this directive, all grammer rules of the specification are enforced in - the default Strict operating mode.

+ risks of accepting non-conformant request messages, while + RFC 7230 §3.5 "Message Parsing Robustness" identify the + risks of accepting obscure whitespace and request message formatting. + As of the introduction of this directive, all grammer rules of the + specification are enforced in the default Strict operating + mode, and the strict whitespace suggested by section 3.5 is enforced + and cannot be relaxed.

RFC 3986 §2.2 and 2.3 define "Reserved Characters" and "Unreserved Characters". All other character octets are required to @@ -2066,20 +2068,9 @@ LenientMethods Allow0.9 containing invalid characters. This rule can be relaxed with the UnsafeURI option to support badly written user-agents.

-

RFC 7230 §3.5 "Message Parsing Robustness" permits, and - identifies potential risks of parsing messages containing non-space - character whitespace. While the spec defines that exactly one space - seperates the URI from the method, and the protocol from the URI, and - only space and horizontal tab characters are allowed in request header - field contents, the Apache HTTP Server was traditionally lenient in - accepting other whitespace. The default StrictWhitespace - option will now reject non-conforming requests. The administrator may - toggle the UnsafeWhitespace option to continue to honor - non-conforming requests, with considerable risk of proxy interactions.

- -

Users are strongly cautioned against toggling the Unsafe, - UnsafeURI or UnsafeWhitespace modes of operation - particularly on outward-facing, publicly accessible server deployments. +

Users are strongly cautioned against toggling the Unsafe + or UnsafeURI modes of operation, particularly on + outward-facing, publicly accessible server deployments. If an interface is required for faulty monitoring or other custom service consumers running on an intranet, users should toggle only those Unsafe options which are necessary, and only on a specific virtual host configured diff --git a/docs/manual/mod/core.xml.de b/docs/manual/mod/core.xml.de index 7242049638..0df52d649a 100644 --- a/docs/manual/mod/core.xml.de +++ b/docs/manual/mod/core.xml.de @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/mod/core.xml.ja b/docs/manual/mod/core.xml.ja index b98b9626f7..028381caae 100644 --- a/docs/manual/mod/core.xml.ja +++ b/docs/manual/mod/core.xml.ja @@ -1,7 +1,7 @@ - + +

Description:Modify restrictions on HTTP Request Messages
Syntax:HttpProtocolOptions [Strict|Unsafe] [StrictURL|UnsafeURL] - [StrictWhitespace|UnsafeWhitespace] [RegisteredMethods|LenientMethods] - [Allow0.9|Require1.0]
Default:HttpProtocolOptions Strict StrictURL StrictWhitespace -LenientMethods Allow0.9
Default:HttpProtocolOptions Strict StrictURL LenientMethods Allow0.9
Context:server config, virtual host
Status:Core
Module:core