Re: [squid-users] problems with SQUID 3.x and IBM Proventia

From: Udo Rader <listudo_at_bestsolution.at>
Date: Wed, 22 Apr 2009 17:10:04 +0200

Amos Jeffries wrote:
>> So of course the problem is proventia corrupting the HTTP headers and
>> we will raise an issue about that with IBM.
>>
>> But for the time being: is there a chance to make squid more
>> "tolerant" about those kinds of problems? Without surprise I did not
>> find any fitting config options :-)
>>
> Not nearly as easy as it will be for IBM to issue a fix for it. Or even
> to replace the box with free software that works well.

Hehe, sure, no objections, it is just the world being far from perfect :-)

> Not also without opening some potential data-injection and cache
> poisoning flaws into Squid.
>
> Consider what happens with:
>
> HTTP/1.1 200 OK
> Bwahaha: "
> Cache-Control: private
>
> ...something you really did not want public...
> .
>
> vs:
>
> HTTP/1.1 200 OK
> Content-Type: "fu
> bar: tender: and: wine"
> Cache-Control: private

Hmm, reading the specs for HTTP message headers [1] I think this could
be done without imposing security issues. As per specification your last
example would read correctly:

-------CUT-------
HTTP/1.1 200 OK
Content-Type: "fu
  bar: tender: and: wine"
Cache-Control: private
-------CUT-------

note the leading whitespace.

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2

-- 
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com
Received on Wed Apr 22 2009 - 15:10:19 MDT
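
Added example, not part of the original message and not Squid's code: a strict line-based header parser that honours only the RFC 2616 section 4.2 folding rule, next to a hypothetical "tolerant" parser that lets an open double quote continue across lines. The sample responses are constructed from the ones quoted in this thread; all function names are assumptions.

```python
# Added example; sample responses are constructed from those quoted in the thread.
LEAKY = ('HTTP/1.1 200 OK\r\nBwahaha: "\r\nCache-Control: private\r\n\r\n'
         '...something you really did not want public...\r\n')
UNFOLDED = ('HTTP/1.1 200 OK\r\nContent-Type: "fu\r\n'
            'bar: tender: and: wine"\r\nCache-Control: private\r\n\r\n')
FOLDED = UNFOLDED.replace('\r\nbar:', '\r\n  bar:')  # same, with leading whitespace


def parse_strict(raw):
    """A header continues only onto lines that start with SP or HT."""
    headers = []
    for line in raw.split("\r\n")[1:]:          # skip the status line
        if line == "":
            break                                # blank line ends the header block
        if line[0] in " \t":
            if not headers:
                raise ValueError("continuation line before any header")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.lower(), value.strip()))
    return headers


def parse_tolerant(raw):
    """Hypothetical lenient parser: an unbalanced '"' swallows following lines."""
    headers, open_quote = [], False
    for line in raw.split("\r\n")[1:]:
        if open_quote:                           # even the blank line is swallowed
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif line == "":
            break
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
        open_quote = headers[-1][1].count('"') % 2 == 1
    return headers


def is_private(headers):
    """True if the parsed headers carry Cache-Control: private."""
    return any(n == "cache-control" and "private" in v.lower() for n, v in headers)


if __name__ == "__main__":
    for label, raw in (("LEAKY", LEAKY), ("UNFOLDED", UNFOLDED), ("FOLDED", FOLDED)):
        print(label, is_private(parse_strict(raw)), is_private(parse_tolerant(raw)))
```

On the first sample the tolerant parser never sees Cache-Control: private, because the unterminated quote absorbs it together with the body; the strict parser keeps it and treats only the whitespace-led line in the folded sample as a continuation.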
