-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Mar 08, 2017 at 11:34:54AM +0200, Juha Heinanen wrote: > to...@tuxteam.de writes: > > > Note the underscored parts. You are talking about (path) segments.
[...] > Thanks for your answer. The request below works over TLS in apache2 > 2.4.10-10+deb8u7, but fails in 2.4.10-10+deb8u8 unless I turn on > > #HttpProtocolOptions unsafe > > There is crlf after each line and there are no tabs. > > I can't figure out what is wrong with it. > > -- Juha > > ######## > T 2017/03/08 11:28:05.427711 127.0.0.1:49612 -> 127.0.0.1:80 [AP] > POST /manager/xml-rpc-server.php HTTP/1.1. > Host: 127.0.0.1. > Connection: close. > Content-Type: text/xml. > Content-Length: 841. Hm. I haven't the resources to track down everything, but I'd try first changing the host to localhost (although rfc3986 explicitly allows a "naked" ipv4 address as host part). A quick and brainless search points to Debian bug 849082 [1], which mentions rfc7230 as reference (this seems at first glance to refer back to 3986 and to *still* allow naked ipv4 addresses as host part, though). Keep us updated :-) regards [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849082 - -- t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAli/1FAACgkQBcgs9XrR2kYWQgCfQc0trfHuqfXj4MnBaYNeq7Xm 8D0AnRGSMxuTJr5GBLKVfk367/Cj3asV =5Pml -----END PGP SIGNATURE-----
