Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Dropping connection instead of returning 400
Date: Tue Mar 01 2005 - 22:59:37 CST
I have an application proxy "under my pillow" so to speak. I've built it
from the ground up over the past couple years with security in mind. It
has been a long and tedious task, but I think my efforts are finally
starting to pay off.
One thing that keeps coming back to me is 400 Bad Request handling. It is
now my opinion that security proxies should just drop connection when
faced with traffic they refuse to handle.
I put some thoughts on this on my blog here:
Which cause one client developer to call me a non-compliant wanker here:
I then followed up with the general thought that I'm willing to be
non-compliant in the name of security:
So what do you think? Is security worth non-compliance with the HTTP spec?
Implementing an HTTP proxy?
Consider a fast, secure alternative