Re: [squid-users] dstdomain issue

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Jun 2008 16:27:44 +1200

howard chen wrote:
> Hello,
>
> I notice some of our clients are typing an additional dot at the end of
> the domain, which makes the Squid ACL fail, e.g.
>
> acl dstdomain_index dstdomain .example.com
>
>
> So if a client is using, e.g. http://www.example.com./, then the ACL blocks
> the client from accessing it.
>
> But in real sites this should be allowed? e.g. www.facebook.com./
>

No.

The trailing dot (.) is a DNS syntax label-terminator object (RFC 1035)
and is only allowed to be used in binary DNS packets.

Common usage has meant it now needs to be accepted in human-readable
displays or UI. But they should be translating it to an RFC 1738 URL before
transmitting.

It should not be used in HTML, HTTP or other protocol-transmitted URLs.

Squid is RFC 1738 compliant in its behavior.

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
Received on Thu Jun 26 2008 - 04:27:43 MDT
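
Added example, not part of the original message and not Squid's own code: a simplified Python model of the dstdomain comparison described in this thread, plus a scan of access.log lines for request hosts that end in a dot. It assumes Squid's native access.log field order; the function names and the sample log lines are constructed for illustration.

```python
from urllib.parse import urlsplit


def dstdomain_match(host, pattern):
    """Simplified model of a dstdomain entry: '.example.com' matches the
    domain and its subdomains. The host is compared exactly as received,
    so a trailing dot is not stripped (assumption based on the thread)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def url_host(url):
    """Host part of an absolute URL or of a CONNECT 'host:port' target."""
    if "://" not in url:
        url = "//" + url
    return urlsplit(url).hostname or ""


def trailing_dot_requests(lines):
    """Return (client, result, host) for requests whose host ends in '.'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # not a native-format access.log line
        host = url_host(fields[6])
        if host.endswith("."):
            hits.append((fields[2], fields[3], host))
    return hits


# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code size method URL ident hierarchy type
SAMPLE_LOG = [
    "1214454463.101 120 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html",
    "1214454464.202 1 192.0.2.11 TCP_DENIED/403 1450 GET http://www.example.com./ - NONE/- text/html",
    "1214454465.303 1 192.0.2.12 TCP_DENIED/403 0 CONNECT www.example.com.:443 - NONE/- -",
]

if __name__ == "__main__":
    for name in ("www.example.com", "www.example.com."):
        print(name, dstdomain_match(name, ".example.com"))
    for hit in trailing_dot_requests(SAMPLE_LOG):
        print(hit)
```

Running the scan over a real access.log shows which clients send the dotted form, so the hostname can be corrected at the source (bookmark, script or application configuration).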
