Hello,
I REALLY need a help here.
Nowadays we are using ACL system to avoid users access to some websites.
Those users can only access a limited list of sites (around 30), any =
place outside this list is blocked. I don't know how or when, but =
somebody discovery a way to cheat those ACLs.
Here is what's happeneing:
Everybody can access the site www.telefutura.com.br, but nobody can =
access the website www.uol.com.br.
Now if any user type one of the three strings bellow the access to this =
blocked website is grant (anyways you can only read the text of it =
through, all the other links are broken).
www.uol.com.br/telefutura.com.br
www.uol.com.br/?telefutura.com.br
www.uol.com.br/$telefutura.com.br
What can I do to avoid it ?
I already have some ACLs in place to avoid downloads and access to some =
type of files - ex: .*\.mp3($|\/?) -, but I still don't know how to =
handle those mixed URLs request.
Sorry for my Bad English
Received on Thu Sep 30 2004 - 12:34:42 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:03 MDT