Actually, thinking about it, didn't Zed Shaw make a Ragel-based strict-conformance HTTP parser?
> Simply being more explicit about what is valid HTTP means that most of the security attacks that worked on Apache were rejected outright when tried on Mongrel.
Which I guess is a qualified "sounds like it, maybe?"