EVE Technology Lab

So I just got bit in the ass doing a server upgrade during EVE's downtime.

It turns out the use of underscores in the IGB headers is actually considered invalid by Apache 2.4

http://httpd.apache.org/docs/trunk/new_features_2_4.html
"Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. "

So that means in PHP for example, you will not get the HTTP_EVE_blah headers in $_SERVER.

So basically, don't upgrade to the latest Apache until CCP fix their mess.


Edit: https://forums.eveonline.com/default.aspx?g=posts&t=152695

Turns out there was a discussion before but it was locked. WHY CCP?

Arrrggh lovely. Seems my host upgraded apache and apache_request_headers() wont work because apparently php is not setup as an apache module.

Various website claim the following function (http://stackoverflow.com/a/9276269) works as a replacement but this only seems to work on the default headers, not the eve-trust header. (Outputting all headers/trying to access the trust header directly both return nothing)

Anyone got any work around suggestions that dont require admin access to the server? :p I guess im stuck waiting X months/years for CCP to actually get around to looking at this.

There was a .htaccess i saw which was meant to fix this issue for people a while ago. No idea if it works though sorry.