At 10:25 03.09.99 +0200, Jens-S. Voeckler wrote:
>That is wrong, Squid uses the system's resolver library, and if your
>system's resolver supports it, Squid does support it. Which is true for
>most resolvers.
But Squid appends the "append_domain" configuration value
to every hostname that doesn't contain a dot, which prevents
the resolver from interpreting it as a dotless IP address.
"Handling" dotless IP addresses would require Squid to
recognize pure digit strings in the host part of URLs, and
refrain from appending append_domain to them.
> And it is not a bug of the resolver, but a "feature". Just
>typing "12." is a shortcut meaning "12.0.0.0", and "12.1" a shortcut for
>"12.0.0.1", etc.
These examples they contain at least one dot, and all the
numbers are less than 256. But I maintain that the resolver
should not interpret a digit string without any dots as a
numeric IP address. That behaviour conflicts with the
documentation, it is counterintuitive, and it has negative
security implications. What more do you need to call it a bug?
--
Tilman Schmidt E-Mail: Tilman.Schmidt@sema.de (office)
Sema Group Koeln, Germany tilman@schmidt.bn.uunet.de (private)
"newfs leaves the filesystem in a well known state (empty)."
- Henrik Nordstrom
Received on Fri Sep 03 1999 - 03:56:48 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:14 MST