Re: How to deny the null dstdomain

From: Jens-S. Voeckler <voeckler@dont-contact.us>
Date: Tue, 11 Jul 2000 13:14:11 +0200 (CEST)

On Tue, 11 Jul 2000, Robert Collins wrote:

]If I understand your problem you want to deny any request that looks
]like: http://somelocalserver/xxx
] ^^^^^^^^^^^^^^^
]
]I would try
]acl NoDomainName url_regex -i http://.*[\.]{0}.*/
]http_access deny NoDomainName

Just looking at the RE, my first suggestion *was*:

        acl NoDomainName url_regex http://[^./]*/

That catches empty hostnames and hostnames without period. If you just
want to catch the latter, replace the asterisk with a plus.

But the REs are *not* sufficient according to RFC 2396. A valid http URI
may be as complex as:

        http://[<userinfo_incl_:>@]<fqdn>[:<port>]/<pathstuff>

so even a

        ^http://([^@/]*@)?[^./:]*(:[0-9]+)?/?

might not suffice to catch *all* empty or no-domain hosts. BTW, RFC 2396
only allows digits as port identifiers. And remember, URIs are user input
--> arbitrarily obscure and can possibly be even more complicatedly
invalid, and will almost certainly break many REs.

Le deagh dhùrachd,
Dipl.-Ing. Jens-S. Vöckler (voeckler@rvs.uni-hannover.de)
Institute for Computer Networks and Distributed Systems
University of Hanover, Germany; +49 511 762 4726
Received on Tue Jul 11 2000 - 05:17:58 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:29 MST