4de6632693
With these options, it is possible to accept some invalid messages that may considered as unsafe and may result as vulnerabilities. The naming is not explicit enough on this point. These option must really be considered as dangerous and only used as a temporary workaround. Unfortunately, when used, it is probably because there are some legacy and unsupported applications in place. Nevermind. The documentation warns about the use of these options. Now the name of the options itself is a warning. So now, "accept-invalid-http-request" and "accept-invalid-http-response" options are deprecated and replaced by "accept-unsafe-violations-in-http-request" and "accept-unsafe-violations-in-http-response" options. |
||
|---|---|---|
| .. | ||
| 1k.txt | ||
| acl_cli_spaces.vtc | ||
| agents.acl | ||
| converters_ipmask_concat_strcmp_field_word.map | ||
| converters_ipmask_concat_strcmp_field_word.vtc | ||
| default_rules.vtc | ||
| del_header.vtc | ||
| except-forwardfor-originalto.vtc | ||
| forwarded-header-7239.vtc | ||
| h1or2_to_h1c.vtc | ||
| http-err-fail.vtc | ||
| http_after_response.vtc | ||
| http_return.vtc | ||
| ifnone-forwardfor.vtc | ||
| lf-file.txt | ||
| map_ordering.map | ||
| map_ordering.vtc | ||
| map_redirect-be.map | ||
| map_redirect.map | ||
| map_redirect.vtc | ||
| map_regm_with_backref.map | ||
| map_regm_with_backref.vtc | ||
| normalize_uri.vtc | ||
| path_and_pathq.vtc | ||
| restrict_req_hdr_names.vtc | ||
| strict_rw_mode.vtc | ||