Re: [PATCH] Raw URL path ACL

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 23 Jun 2004 17:04:58 +0200 (CEST)

On Wed, 23 Jun 2004, Steve Hill wrote:

> The attached patch adds a new ACL type called "urlpath_raw_regex". It
> works in exactly the same way as "urlpath_regex" except no unescaping of
> the URI is done first, which makes it possible to filter specific attacks
> that escape some characters in the URI without blocking legitimate
> requests.

Many thanks for your patch.

The acl added looks quite useful even if I am not sure if it should be
done as a separate ACL or simply as a flag to the existing acl.

On a further note a similar (but different) problem also exists for the
dstdomain and dstdomain_regex acl where one may want per acl to
enable/disable the reverse lookup of IP addresses to match the domain.

Note: I have taken the liberty to attach your previous Squid-2.5 patch for
the archives.

Regards
Henrik

Received on Wed Jun 23 2004 - 09:05:05 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 30 2004 - 12:00:03 MDT