task #9219
Revert: requests with %2F in URL are rejected by apache
Status: New
Priority: Highest
Assignee:
Category: server-maintenance
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Severity: major
Description
Remove the AllowEncodedSlashes On made for #7563 from apache configurations:

    #
    # NOTE: AllowEncodedSlashes is off per default to prevent possible security vulnerabilities.
    # To allow the cdmserver resolving http identifiers via HTTP GET requests it is required to
    # allow encoded slashes. See https://dev.e-taxonomy.eu/redmine/issues/7563
    #
    AllowEncodedSlashes On
The edit servers and documentation need to be adapted:
- edit-test: /etc/apache2/sites-available/default -
- edit-community: /etc/apache2/sites-available/siteconf -
- edit-jobber: -
- edit-integration: -
- edit-demo1: -
- edit-demo2: -
- add to cdmserver installation documentation https://cybertaxonomy.eu/cdmserver/installation -
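
A way to confirm on each server that no active directive remains after the revert, as an added example that is not part of the original ticket or the project's tooling. The function names `find_encoded_slashes` and `write_sample` and the sample vhost are assumptions made for illustration. It treats `NoDecode` like `On`, since both make Apache accept %2F in the request path.

```shell
#!/bin/sh
# Added example (not from the ticket): list active AllowEncodedSlashes
# directives that still let %2F through, so each server can be checked.

# find_encoded_slashes FILE...
# Prints "file:line: directive" per hit. Returns 0 if any hit, 1 if none,
# 2 if called without files.
find_encoded_slashes() {
    [ "$#" -gt 0 ] || return 2
    awk '
        $1 ~ /^#/ { next }                    # commented-out lines are inactive
        tolower($1) == "allowencodedslashes" {
            val = tolower($2)                 # directives are case-insensitive
            gsub(/"/, "", val)                # argument may be quoted
            if (val == "on" || val == "nodecode") {
                line = $0
                sub(/^[ \t]+/, "", line)      # trim indentation for the report
                printf "%s:%d: %s\n", FILENAME, FNR, line
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$@"
}

# Constructed sample vhost for the demo below (assumption, not a real config).
write_sample() {
    cat > "$1" <<'EOF'
<VirtualHost *:80>
    # NOTE: AllowEncodedSlashes is off per default.
    # AllowEncodedSlashes On
    allowencodedslashes On
</VirtualHost>
EOF
}

if [ "$#" -gt 0 ]; then
    find_encoded_slashes "$@"                 # e.g. /etc/apache2/sites-available/*
else
    sample=$(mktemp) && write_sample "$sample"
    find_encoded_slashes "$sample"            # reports line 4 of the sample
    rm -f "$sample"
fi
```

Run with the site configuration files as arguments; an exit status of 1 means no enabling directive is left in them.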
Related issues
Updated by Andreas Kohlbecker over 3 years ago
- Related to bug #7563: requests with %2F in URL are rejected by apache added
Updated by Andreas Kohlbecker over 3 years ago
- Related to bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead added
Updated by Andreas Kohlbecker over 3 years ago
- Related to deleted (bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead)
Updated by Andreas Kohlbecker over 3 years ago
- Related to bug #9220: adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability added
Updated by Andreas Kohlbecker over 3 years ago
- Target version changed from Release 5.18 to Release 5.19
- Severity changed from normal to major
to be done right after the release 5.18 is deployed to our servers
Updated by Andreas Kohlbecker about 3 years ago
- Target version changed from Release 5.19 to Release 5.21
Updated by Andreas Müller about 3 years ago
- Target version changed from Release 5.21 to Release 5.22
Updated by Andreas Kohlbecker about 3 years ago
- Target version changed from Release 5.22 to Release 5.25
Updated by Andreas Müller almost 3 years ago
- Target version changed from Release 5.25 to Release 5.45