--- Coro/myhttpd/httpd.pl	2007/12/08 21:01:16	1.84
+++ Coro/myhttpd/httpd.pl	2008/02/18 17:48:00	1.85
@@ -426,6 +426,9 @@
    my $host = $self->{server_name};
    my $uri = $self->{uri};
 
+   $host =~ /[\/\\]/
+      and $self->err(400, "bad request");
+
    # some massaging, also makes it more secure
    $uri =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge;
    $uri =~ s%//+%/%g;