> Its not currently possible to block such requests in Squid because
> the funny characters are a part of the "login" component of the
> URL. Squid doesn't have any ACLs that use or care about the login
> data. It should be pretty easy to come up with a patch that does.
The attached patch adds a new ACL type: urllogin
With it you could write some rules to deny any HTTP request that contains
any login credentials:
acl UrlHasLogin urllogin .
http_access deny UrlHasLogin
or you can deny a request where the login data contains
a non-alphanumeric character:
acl SketchyLogin urllogin [^a-zA-Z0-9]
http_access deny SketchyLogin
Duane W.
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:17 MST