enforcing access is via urlbase
jay ball
jay at veggiespam.com
Fri Oct 1 17:59:40 UTC 2004
bugzilla at glob.com.au wrote:
>>Another point is that if the end-user is using HTTP/1.0 to access
>>Bugzilla, then there is no way for Bugzilla to know which hostname they
>>used. (although we can certainly tell if they're using SSL or not)
>
>
> ah. i'd forgotten about that. that would be a show stopper.
>
what about
RewriteCond %{THE_REQUEST} !.*HTTP/...$ [OR]
RewriteCond %{HTTP:Server} !.* [OR]
RewriteCond %{THE_REQUEST} .*HTTP/1.0$
RewriteRule ^/.* /http-1.1-required.html
The first line might handle HTTP 0.9 or requests without the HTTP doodad
on the request line, the second looks for a server header, and the final
does HTTP 1.0. Someone with less nachos in the stomach might be able to
perfect it the suggestion; i have not tested it.
Max write:
> You know, to be fair, with our CSS redesign plans, we're going to be
> dropping support for most clients that would be using HTTP/1.0 anyhow.
So, if this is true, then just ban HTTP/1.0. Q: how many v1.0 or v0.9
requests do many of you get any longer?
Random thought.
-j
More information about the developers
mailing list