I added a coarse fix that detects fewer than three slashes in the candidate URL and slaps a trailing slash on the end.

I also went ahead and finally hardened the default install to exact limiting.

Problem code is in impl/XMLApplication.cpp in limitRedirect. It assumes the "prefix" of the URL will either end in a colon or a slash to prevent accidentally comparisons of hostnames that overlap.

Thanks, Scott. Yes, sure, please move it to an RFE ticket. That is suitable.

It's a byproduct of the primitive evaluations it's doing to compare the URL to what should be allowed for that limit option. It should be fixable, it's just an enhancement to allow for that case gracefully. Can I move this into a RFE ticket?

I'll have to review the code, I'm not sure what the missing slash means to it.