squidcache@barendse.to wrote:
>
> I am using squid as our web proxy and use a filtering proxy after squid to
> enforce control over the website my users can visit.
>
> I noticed something really weird in my logfiles where a user was accessing
> a webiste using a double dot extension.
>
> The user has done this by accident by apparently squid is automagically
> correcting the broken url.
>
> This is wat the log shows:
> 2003.1.3 12:54:56 10.1.2.233 http://www.hollandinternational..nl GET 5407
> 2003.1.3 12:54:56 10.1.2.233 http://www.hollandinternational..nl/css/txt.css GET 5598
> Notice the ..nl!!
>
> I have tried this myself (client using Win98 / IE6) and was able to browse
> url's like www.google....nl
>
> This is very undesirable because my filtering proxy filters out some
> websites deemed inappropriate for our site but these invalid domain names
> are not in the blacklist and are therefore happily passed on to the user.
>
> It would be very impractical to include every possible dot combination in
> our blacklists.
>
> Is this a bug or feature of squid that can be disabled? I have tried this
> on squid squid-2.4.STABLE6-6.7.3 and squid-2.4.STABLE7-4 with same
> results.
>
I am not on the same frequency as you on this one.
My squid (2.5S1) shows the 'normalized' url in the logs :
hollandinternational.nl
Meaning that my blocker (squidguard) can not be circumvented using
such syntaxes.
M.
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
-- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)Received on Mon Jan 06 2003 - 03:14:12 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:28 MST