https://bz.apache.org/bugzilla/show_bug.cgi?id=62459

--- Comment #12 from Guido Jäkel <g.jae...@dnb.de> ---
Dear Mark,

I miss something important about the "directory traversal": If
"AllowEncodedSlashes NoEncode" and "JkOptions +ForwardURICompatUnparsed" are
set, then with the example setup, the URI

  /examples/foo/..%2F../doc

is also passed as is to the backend, and it's also up to the backend to do the
right thing, i.e. not to treat '%2F' in a path element as a '/'.

Therefore, my patch doesn't "introduce" this "challenge" for the backend; it just
prevents mod_jk from breaking the URL with "JkOptions +ForwardURIProxy".

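The backend-side distinction raised in the comment above, as an added example that is not part of the original message and is not mod_jk or Tomcat code. The hypothetical `resolve()` normalizes dot-segments by splitting on literal '/' only; with `decode_first` set it models a backend that turns '%2F' into '/' before normalizing.

```c
#include <stdio.h>
#include <string.h>

#define MAXSEG 64
/* Replace every %2F / %2f in s with '/', in place (the unsafe early decode). */
static void decode_slashes(char *s) {
    char *w = s;
    for (const char *r = s; *r; ) {
        if (r[0] == '%' && r[1] == '2' && (r[2] == 'F' || r[2] == 'f')) {
            *w++ = '/';
            r += 3;
        } else {
            *w++ = *r++;
        }
    }
    *w = '\0';
}

/* Hypothetical helper: normalize uri into out, splitting on literal '/' only.
 * decode_first != 0 models a backend that treats %2F as a path separator. */
const char *resolve(const char *uri, int decode_first, char *out, size_t outsz) {
    char buf[256];
    char *segs[MAXSEG];
    size_t n = 0;
    snprintf(buf, sizeof buf, "%s", uri);
    if (decode_first)
        decode_slashes(buf);
    for (char *s = strtok(buf, "/"); s != NULL; s = strtok(NULL, "/")) {
        if (strcmp(s, "..") == 0) {
            if (n > 0) n--;                 /* ".." drops the previous segment */
        } else if (strcmp(s, ".") != 0 && n < MAXSEG) {
            segs[n++] = s;                  /* "..%2F.." is an ordinary segment */
        }
    }
    snprintf(out, outsz, "%s", n ? "" : "/");
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(out);
        snprintf(out + len, outsz - len, "/%s", segs[i]);
    }
    return out;
}

int main(void) {
    char a[256], b[256];
    const char *uri = "/examples/foo/..%2F../doc";  /* URI from the comment */
    printf("segment-wise: %s\n", resolve(uri, 0, a, sizeof a));
    printf("decode-first: %s\n", resolve(uri, 1, b, sizeof b));
    return 0;
}
```

Segment-wise handling keeps the request under /examples, while the decode-first order resolves it to /doc, outside that context.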