Re: Introduction and a patch

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 3 Oct 2002 00:01:19 +0200

I am trying to understand what your proposed patch is actually doing and
what you are trying to solve with it... seems you are only looking
for URL escapes of high characters.

What I don't get is why you don't simply use a regex for this
purpose..

acl nonascii_characters urlpath_regex %[^2-7] [^!-~]

Having URL escapes of any character in the URL is as such a perfectly
legal thing to do, and is quite often required. It should not be
blocked hardcoded in url.c. If you want to do access controls then
these checks belong as acls.

Should perhaps also note that the URL as such may contain "high"
characters in their normal form, not necessarily URL escaped. Your
patch will not notice these.. the simple regex above catches these as
well.

Regards
Henrik

On Monday 30 September 2002 10.01, Greg Sheard wrote:
> Hi,
>
> I work for a security company in Yorkshire, England, and many of
> the solutions we provide use Squid for proxying and caching. We've
> previously used squidGuard as a redirector, but are now moving away
> and relying on Squid's built-in features. One of the biggest
> problems with squidGuard is the lack of support for filtering UTF-8
> and other encodings, apart from the generic US-ASCII. I noticed
> that Squid also lacks this, so I wrote the code.
>
> Key parts of Squid that are of interest to me are:
> * ACLs - especially the regex ones
> * Security features
> * Cache peering
> * Authentication
>
> Attached is a patch to give UTF-8 blocking support. It's come
> through testing here, and I'd welcome any feedback. In summary, it
> adds the new directive uri_utf (like uri_whitespace) with the
> possible states DENY and ALLOW.
>
> Cheers,
>
> Greg Sheard
> Technical Director
> ECSC Ltd.
> www.ecsc.co.uk
>
> #include <legal_disclaimer.h>
>
> "You have enemies? Good. That means you've
> stood up for something, sometime in your life."
> -- Sir Winston Churchill
Received on Wed Oct 02 2002 - 16:01:48 MDT
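
Added example, not part of the original message and not Squid or patch code: the two patterns from the acl line in the reply, run over constructed URL paths beside an escape-only check, to show which inputs each one flags. Assumptions: Python's re module on bytes stands in for Squid's regex matching, the patterns see the path bytes exactly as given (no unescaping first), and ESCAPED_HIGH is a hypothetical stand-in for an escape-only check.

```python
import re

# The two patterns from the acl line in the reply, applied to raw bytes.
# Assumption: Python's re on bytes stands in for Squid's regex matching,
# and the path is matched exactly as given (no unescaping beforehand).
ACL_PATTERNS = [re.compile(rb"%[^2-7]"), re.compile(rb"[^!-~]")]

# Hypothetical escape-only check (percent-escaped bytes 0x80-0xFF), used only
# for contrast with the acl; it is not the code of the patch under review.
ESCAPED_HIGH = re.compile(rb"%[89A-Fa-f][0-9A-Fa-f]")


def acl_matches(urlpath: bytes) -> bool:
    """True if either acl pattern matches (values on one acl line are ORed)."""
    return any(p.search(urlpath) for p in ACL_PATTERNS)


def escape_only_matches(urlpath: bytes) -> bool:
    """True only for percent-escaped high bytes."""
    return ESCAPED_HIGH.search(urlpath) is not None


# Constructed sample URL paths.
SAMPLES = [
    b"/index.html",        # plain printable ASCII
    b"/a%20b.html",        # escaped space: first hex digit is 2
    b"/caf%C3%A9",         # escaped UTF-8 sequence
    b"/caf\xc3\xa9",       # the same two bytes sent raw, not escaped
    b"/x%0d%0ay",          # escaped CR LF: first hex digit is 0
    b"/del%7F",            # escaped DEL: first hex digit is 7
]


def classify(samples=SAMPLES):
    """Return (path, acl_result, escape_only_result) for each sample."""
    return [(s, acl_matches(s), escape_only_matches(s)) for s in samples]


if __name__ == "__main__":
    for path, acl, esc in classify():
        print(f"{path!r:22} acl={acl!s:5} escape_only={esc}")
```

The raw high-byte path is flagged only by the acl patterns, and the escaped DEL (%7F) passes both checks because its first hex digit falls inside the 2-7 range.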
