; a8 P$ k# l% T1 |, U修复方案: 5 F% H' k- b- L, Y4 O - O4 s: G# d8 D5 p: M0 QApache官方提供4种错误处理方式(http://httpd.apache.org/docs/2.0/mod/core.html#errordocument),如下 6 N; `7 y+ Q- r V. H, C* ]* h4 W1 R. R$ k& `
In the event of a problem or error, Apachecan be configured to do one of four things,0 P6 }: e% f7 S$ w1 s
) T, C) L1 N. B" W+ G' t1. output asimple hardcoded error message输出一个简单生硬的错误代码信息 & t% t' X: J' s! o6 o% d* d2. output acustomized message输出一段信息 , g$ x2 G. y9 m! J: a3. redirect to alocal URL-path to handle the problem/error转向一个本地的自定义页面 . r$ n$ v9 q0 z6 k; d# _8 i
4. redirect to an external URL to handle theproblem/error转向一个外部URL 4 Y& n3 f& [ y- H9 y" y* t& L0 D) T3 h6 u4 f
经测试,对于400错误只有方法2有效,返回包不会再包含cookie内容 ( }% d2 O: m6 ]" P {5 A , ?+ ^$ Y% X" `+ {1 f: v1 @" P) ZApache配置: 6 v; n! Z9 r9 x* p- e+ O$ b 9 t7 s: y u$ C b$ b/ VErrorDocument400 " security test" ( T6 J& A( O& Y4 u! @! t7 G* V4 t; A# P$ V7 D6 R" ^; M
当然,升级apache到最新也可:)。- h7 C" s- M8 A7 l