W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

HTTP/2: Another reason to find a safer encoding

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 31 Jul 2012 19:36:55 +0200
To: ietf-http-wg@w3.org
Message-ID: <20120731173655.GA12322@1wt.eu>

Ivan Ristic recently presented a wide collection of methods to bypass
web application firewalls using implementation differences in HTTP
stacks :


While some of them have already been discussed to great extents, including
here, I think it's worth a read and reminds us that we really need to
address the ambiguities of request encoding if we want to make the web

Received on Tuesday, 31 July 2012 17:37:21 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 October 2015 05:36:54 UTC