Risk for using HTTP/1.0 instead of HTTP/1.1
Hello all,
I have a question for Apache masters .. Due to some 502 http error. I set some parameters in my httpd.conf like : SetEnv force-proxy-request-1.0 1 SetEnv proxy-nokeepalive 1 SetEnv proxy-initial-not-pooled 1 What is the risk to use HTTP/1.0 instead of HTTP/1.1 ? Is there security risk ? Regards |
I'm not an "Apache master" but I'd say, looking at Real Life vulnerabilities, the risk isn't in the protocol version but more likely in what the web stack provides (wrongly configured, improperly exposed, outdated or otherwise vulnerable software I mean). BTW you should be absolutely certain you should combat HTTP 502 errors in this way.
|
All times are GMT -5. The time now is 05:29 PM. |