Re: Security warning: Netscape 4.0x https & Squid 1.2beta proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 18 Jul 1998 12:57:11 +0200

Alex Rousskov wrote:

> It is already possible in 1.2. Look for httpMsgIsPersistent in
> HttpMsg.c. We disable persistent connections for Netscape 3.x. We
> could disable it for any other browser, just add more "if
> (!strncasecmp())" statements.

As a test I disabled the check for Mozilla/3, and it turns out that
Netscape 3.01gold has the same bug. It looks like all versions of UNIX
Netscape have this bug. It would be interesting if someone could test
Netscape on other platforms.

A note on User-Agent: Internet Explorer masquerades as Mozilla, but I
don't believe it has the same bug.

User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)

Perhaps we should use a full-blown ACL for persistent connection checks,
and add an acl type for regexp checks on User-Agent (or even better, a
generic acl type matching any header). This is most likely needed in
both directions (client & server connections) as there are both servers
and clients who can't handle persistent connections correctly in all
cases, and it looks like persistent connection support is going to be
messy for a long while.

Apache 1.2.6, for example, does not detect when a cgi-bin program sends a
false Content-Length: header, which may be a problem if used together
with a proxy. Fortunately the effects of this are limited to the same
server, but it may allow anyone with the right to write cgi-bin programs
to pollute cache with false versions of pages he has no right to change.

/Henrik
Received on Tue Jul 29 2003 - 13:15:51 MDT
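
The header-regexp check proposed in the message above, sketched as an added example (not Squid's code and not from the original post): a rule denies persistence when a header matches one pattern unless it also matches an exception, which is how the MSIE masquerade is kept out of the Netscape rule. The names `pconn_rule`, `persistent_allowed` and `ua_persistent`, the patterns, and the sample header values are all assumptions made for illustration.

```c
#include <regex.h>
#include <stddef.h>
#include <strings.h>

struct header { const char *name, *value; };

/* Hypothetical rule: close when `header` matches `deny` but not `except`. */
struct pconn_rule { const char *header, *deny, *except; };

/* Constructed rule: Netscape 3.x/4.x, excluding Internet Explorer,
 * which also sends a Mozilla/ token. */
static const struct pconn_rule rules[] = {
    { "User-Agent", "^Mozilla/[34]\\.", "compatible; MSIE" },
};

/* 1 = match, 0 = no match, -1 = pattern failed to compile. */
static int re_match(const char *pattern, const char *text)
{
    regex_t re;
    int hit;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    hit = regexec(&re, text, 0, NULL, 0) == 0;
    regfree(&re);
    return hit;
}

/* 1 = connection may stay open, 0 = close it (also on a bad pattern). */
int persistent_allowed(const struct header *h, size_t n)
{
    size_t r, i;
    for (r = 0; r < sizeof rules / sizeof rules[0]; r++)
        for (i = 0; i < n; i++) {
            int hit, exc;
            if (strcasecmp(h[i].name, rules[r].header) != 0)
                continue;
            hit = re_match(rules[r].deny, h[i].value);
            exc = rules[r].except ? re_match(rules[r].except, h[i].value) : 0;
            if (hit < 0 || exc < 0 || (hit && !exc))
                return 0;
        }
    return 1;
}

/* Evaluate a constructed request carrying this User-Agent value. */
int ua_persistent(const char *ua)
{
    struct header h[] = { { "Host", "example.test" }, { "user-agent", ua } };
    return persistent_allowed(h, 2);
}
```

Because the rule is keyed on a header name rather than hard-wired to User-Agent, the same table could hold server-side rules for the reverse direction the message mentions.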
