Merge r1179239 from trunk: SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some reverse proxy configurations by strictly validating the request-URI: * server/protocol.c (read_request_line): Send a 400 response if the request-URI does not match the grammar from RFC 2616. This ensures the input string for RewriteRule et al really is an absolute path. Reviewed by: jim, covener, rjung
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/server/protocol.c