|
|
|
|
|
|
by zimpenfish
4249 days ago
|
|
|
Actually, thinking about it, didn't Zed Shaw make a Ragel-based strict-conformance HTTP parser? > Simply being more explicit about what is valid HTTP means that most of the security attacks that worked on Apache were rejected outright when tried on Mongrel. Which I guess is a qualified "sounds like it, maybe?" |
|
|