R
Roedy Green
Here is a little correspondence I had with my ISP
A recent security/compatibility update to Apache2 is the reason for
this behaviour. The serious problems occur when "Transfer-Encoding:
chunked" is sent by Apache2 in the HTTP headers -- this specific
header, which improves performance, is not compatible with, and also
causes a security problem (I'm not sure why, and I remain skeptical of
this particular claim, but I'm comfortable with the compatibility
justification), can't be sent as well, so Apache2 omits it.
Anyone know anything about this? Why would using content-length
present a security risk?
A recent security/compatibility update to Apache2 is the reason for
this behaviour. The serious problems occur when "Transfer-Encoding:
chunked" is sent by Apache2 in the HTTP headers -- this specific
header, which improves performance, is not compatible with, and also
causes a security problem (I'm not sure why, and I remain skeptical of
this particular claim, but I'm comfortable with the compatibility
justification), can't be sent as well, so Apache2 omits it.
Anyone know anything about this? Why would using content-length
present a security risk?