HTTP/2: Another reason to find a safer encoding

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 31 Jul 2012 19:36:55 +0200
To: ietf-http-wg@w3.org
Message-ID: <20120731173655.GA12322@1wt.eu>

Hi,

Ivan Ristic recently presented a wide collection of methods to bypass
web application firewalls using implementation differences in HTTP
stacks:

   https://community.qualys.com/blogs/securitylabs/2012/07/25/protocol-level-evasion-of-web-application-firewalls

While some of them have already been discussed to great extents, including
here, I think it's worth a read and reminds us that we really need to
address the ambiguities of request encoding if we want to make the web
safer.

Regards,
Willy
Received on Tuesday, 31 July 2012 17:37:21 GMT