task #9219

Revert: requests with %2F in URL are rejected by apache

Added by Andreas Kohlbecker 11 days ago. Updated 11 days ago.

Status: New
Priority: Highest
Category: server-maintenance
Target version:
Start date: 07/19/2018
Due date:
% Done: 0%
Severity: normal

Description

Remove the AllowEncodedSlashes On setting made for #7563 from the Apache configurations:

  #
  # NOTE: AllowEncodedSlashes is off per default to prevent possible security vulnerabilities.
  #       To allow the cdmserver resolving http identifiers via HTTP GET requests it is required to 
  #       allow encoded slashes. See https://dev.e-taxonomy.eu/redmine/issues/7563  
  #
  AllowEncodedSlashes On

The edit servers and documentation need to be adapted:

  1. edit-test: /etc/apache2/sites-available/default -
  2. edit-community: /etc/apache2/sites-available/siteconf -
  3. edit-jobber: -
  4. edit-integration: -
  5. edit-demo1: -
  6. edit-demo2: -
  7. add to cdmserver installation documentation https://cybertaxonomy.eu/cdmserver/installation -
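
One way to verify the removal on each server listed above, as an added example that is not part of the original ticket: it scans Apache configuration files for an active `AllowEncodedSlashes` directive and ignores commented lines. The function names and the sample configs are constructed for illustration, and treating `NoDecode` as a finding alongside `On` is an assumption that goes beyond what the ticket asks for.

```shell
# Added example: report active AllowEncodedSlashes directives that are not Off.
# Apache directive names and arguments are case-insensitive; lines starting
# with '#' are comments and are skipped by the anchored pattern.

# find_encoded_slashes PATH...
# Prints file:line:text for each hit. Returns 1 if any hit is found, else 0.
find_encoded_slashes() {
    [ "$#" -gt 0 ] || set -- /etc/apache2    # default path taken from the ticket
    pattern='^[[:space:]]*AllowEncodedSlashes[[:space:]]+(On|NoDecode)([[:space:]]|$)'
    # grep exits 1 when nothing matches; "|| true" keeps that from aborting under set -e
    hits=$(grep -rniE "$pattern" "$@" 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# make_sample_tree DIR: constructed sample configs, not real server files.
make_sample_tree() {
    mkdir -p "$1/sites-available"
    cat > "$1/sites-available/default" <<'EOF'
<VirtualHost *:80>
  # NOTE: AllowEncodedSlashes is off per default
  AllowEncodedSlashes On
</VirtualHost>
EOF
    cat > "$1/sites-available/siteconf" <<'EOF'
<VirtualHost *:80>
  # AllowEncodedSlashes On
  allowencodedslashes Off
</VirtualHost>
EOF
}

# Demo on the constructed tree: only the uncommented "On" line is reported.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_encoded_slashes "$demo_dir" || echo "directive still active"
rm -rf "$demo_dir"
```

Run without arguments, the function scans `/etc/apache2`; a non-zero exit status makes it usable as a gate in a deployment or configuration-management check.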

Related issues

Related to Edit - bug #7563: requests with %2F in URL are rejected by apache Closed 07/19/2018
Related to Edit - bug #9220: adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability Resolved 09/07/2020

History

#1 Updated by Andreas Kohlbecker 11 days ago

  • Related to bug #7563: requests with %2F in URL are rejected by apache added

#2 Updated by Andreas Kohlbecker 11 days ago

  • Description updated (diff)

#3 Updated by Andreas Kohlbecker 11 days ago

  • Related to bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead added

#4 Updated by Andreas Kohlbecker 11 days ago

  • Related to deleted (bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead)

#5 Updated by Andreas Kohlbecker 11 days ago

  • Related to bug #9220: adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability added
