> On Thursday 11 December 2003 3:07 pm, DB wrote:
>
> > I saw a new IE exploit descibed as follows:
> >
> > ---------------------
> > http://www.secunia.com/advisories/10395/
> >
> > Example displaying only "http://www.trusted_site.com" in the address bar
> > when the real domain is "malicious_site.com":
> > http://www.trusted_site.com%01@malicious_site.com/malicious.html
> > --------------------
> >
> > I'm trying to use an acl to prevent access to such urls. I tried this:
> >
> > acl ieflaw url_regex %01@
> >
> > and
> >
> > http_access deny ieflaw
> >
> > but this doesn't seem to do anything at all
What do you see in access.log?
Regards
Henrik
Received on Thu Dec 11 2003 - 14:49:28 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:10 MST