From owner-freebsd-hackers  Fri Jun 21  1:38:50 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from srv1.cosmo-project.de (srv1.cosmo-project.de [213.83.6.106])
	by hub.freebsd.org (Postfix) with ESMTP id 32D7037B41A
	for <freebsd-hackers@FreeBSD.ORG>; Fri, 21 Jun 2002 01:38:38 -0700 (PDT)
Received: from cicely5.cicely.de (cicely5.cicely.de [IPv6:3ffe:400:8d0:301:200:92ff:fe9b:20e7])
	(authenticated bits=0)
	by srv1.cosmo-project.de (8.12.3/8.12.3) with ESMTP id g5L8cPMa017070
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK);
	Fri, 21 Jun 2002 10:38:29 +0200 (CEST)
	(envelope-from ticso@cicely5.cicely.de)
Received: from cicely5.cicely.de (localhost [IPv6:::1])
	by cicely5.cicely.de (8.12.1/8.12.1) with ESMTP id g5L8cNFJ035514
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Fri, 21 Jun 2002 10:38:24 +0200 (CEST)?g
	(envelope-from ticso@cicely5.cicely.de)
Received: (from ticso@localhost)
	by cicely5.cicely.de (8.12.1/8.12.1/Submit) id g5L8cLP4035513;
	Fri, 21 Jun 2002 10:38:21 +0200 (CEST)?g
	(envelope-from ticso)
Date: Fri, 21 Jun 2002 10:38:21 +0200
From: Bernd Walter <ticso@cicely5.cicely.de>
To: Joshua Lee <yid@softhome.net>
Cc: Terry Lambert <tlambert2@mindspring.com>,
	root@utility.clubscholarship.com, freebsd-hackers@FreeBSD.ORG
Subject: Re: inuring FreeBSD to the apache bug without upgrading apache ?
Message-ID: <20020621083821.GG31943@cicely5.cicely.de>
Reply-To: ticso@cicely.de
References: <20020620141424.U68572-100000@utility.clubscholarship.com> <3D129688.356A87D0@mindspring.com> <20020621022930.088904b7.yid@softhome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020621022930.088904b7.yid@softhome.net>
X-Operating-System: FreeBSD cicely5.cicely.de 5.0-CURRENT i386
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Fri, Jun 21, 2002 at 02:29:30AM -0400, Joshua Lee wrote:
> On Thu, 20 Jun 2002 19:59:20 -0700
> Terry Lambert <tlambert2@mindspring.com> wrote:
> 
> > Patrick Thomas wrote:
> > > Is it possible to patch/recompile FreeBSD 4.5 in such a way that your
> > > system is no longer vulnerable to the "chunking" attack, even if you are
> > > still running a vulnerable apache ?
> 
> Why not upgrade Apache...?? Both the 1 and 2 series have been updated I think. (I'm a newbie at server stuff, so bear with me if I made a faux pas.)

The apache13+ipv6 port has not, because the last ipv6 patchset is
available for 1.13.22.

> > The way you would deal with this would be to tell Apache that it
> > was an HTTP 1.0 server, since chunking is an HTTP 1.1 feature.
> > 
> > The only place this is an issue is if you need to reuse an HTTP
> > connection, and that only occurs in HTTP 1.1 when you are doing
> > pipelining.  Everywhere else, you can indicate an end of data
> 
> Mozilla has an option to enable http pipelining as a performance option. I regularly used this, maybe I shouldn't?

It should fallback.

-- 
B.Walter              COSMO-Project         http://www.cosmo-project.de
ticso@cicely.de         Usergroup           info@cosmo-project.de


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message