Re: [squid-users] [PATCH] Raw URL path ACL

From: Muthukumar <kmuthu_gct@dont-contact.us>
Date: Mon, 21 Jun 2004 19:28:56 +0530

>
> As I understand it (from reading the documentation in the example config),
> uri_whitespace only affects whitespace characters, have I misunderstood?
> I am talking about normal printable characters. i.e. the character "A"
> can be sent through a URI as either "P" or "%50". When filtering them
> using url_regex they will both match a regex containing "P". This is
> valid behaviour since the web server will usually unescape the path so
> your filter which blocks "PORN" still wants to catch it if someone tries
> to bypass it be requesting "%50ORN". However, in some situations (such as
> where URIs containing these escaped printable characters are a signature
> of a type of attack) you will want to be able to differentiate between the
> 2.
>
> In any case, uri_whitespace is a global option and would affect
> everything, whereas urlpath_regex and urlpath_raw_regex can be mixed.

Hai Steve,

    It is nice. You got it correctly. For acl setting as

    acl test urlpath_regex porn
    http_access deny test

Squid is hacked when I try to access the http://porn.com as http://50%orn.com.

One more change is needed in the patch as,

    make that acl to be available on squid.conf with your detailed comments for that.

If you wish make that change on patch and send it to list with CC to henrick.

Regards,
Muthukumar.

---
===============  It is a "Virus Free Mail" ===============
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 6/18/2004
Received on Mon Jun 21 2004 - 08:32:48 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT