[dns-operations] bug in Apache handling of real FQDNs

Mark Andrews marka at isc.org
Mon Jun 8 21:53:17 UTC 2015


>From a protocol perspective these are illegal URLs are should never
be emited on the wire.  They should never be in a html document.

The only place where they are vaguely ok is when typed into a
location bar on a browser and if they are accepted there then they
should be made cannonical before being sent over the wire.  The
browser should be comparing the cannonical form sent over the wire
to what is returned.  They are part of the UI.  They are not part
of the protocol.

Apache should never see them.  It should always reject them if it sees
them.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list