On Tue, 18 Jan 2005, Henrik Nordstrom wrote:
> The HTTP smuggling paper references another paper from the same group
> describing interesting ways of cache pollution. I am currently working on
> hardening Squid further from the described attack.
Patch now available in bug #1200.
One minor question which arose during this.. should we even attempt to
cache HTTP/0.9 style responses? (only body, no header or status line)
Today caching of such responses can be forced by a refresh pattern with a
min age >0, but I am not sure this is wise to allow to be cached as I
suspect this kind of reply quite likely happens in protocol screwups..
Regards
Henrik
Received on Tue Jan 18 2005 - 15:30:12 MST
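
The question in the message above, as an added example that is not part of the original post and is not Squid's code: a C sketch that tells a reply with a status line from an HTTP/0.9-style reply (body only) and compares the lenient policy described (a refresh-pattern min age > 0 forces caching) with a strict one that never stores headerless replies. All names, the `strict` switch and the sample strings are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Reply classes for this sketch (hypothetical names, not Squid's). */
enum reply_kind { REPLY_HTTP09, REPLY_HTTP1X, REPLY_INCOMPLETE };

/* Classify the first bytes read from the origin server. A reply with a
 * status line starts "HTTP/<d>.<d> <ddd>" (single-digit versions only in
 * this sketch); anything else is HTTP/0.9 style: body only, no headers. */
enum reply_kind classify_reply(const char *buf, size_t len)
{
    static const char prefix[] = "HTTP/";
    const size_t plen = sizeof(prefix) - 1;

    if (memcmp(buf, prefix, len < plen ? len : plen) != 0)
        return REPLY_HTTP09;         /* can never become a status line */
    if (len < plen + 7)
        return REPLY_INCOMPLETE;     /* need "d.d ddd"; read more first */
    const unsigned char *p = (const unsigned char *)buf + plen;
    if (isdigit(p[0]) && p[1] == '.' && isdigit(p[2]) && p[3] == ' ' &&
        isdigit(p[4]) && isdigit(p[5]) && isdigit(p[6]))
        return REPLY_HTTP1X;
    return REPLY_HTTP09;
}

/* Returns 1 if the reply may go on to the cache. min_age stands in for the
 * refresh-pattern minimum age. Lenient (strict == 0): a headerless reply is
 * stored when min_age > 0. Strict: a headerless reply is never stored. */
int may_store(const char *buf, size_t len, int min_age, int strict)
{
    switch (classify_reply(buf, len)) {
    case REPLY_INCOMPLETE: return 0;               /* decide after more data */
    case REPLY_HTTP09:     return strict ? 0 : (min_age > 0);
    default:               return 1; /* 1.x: header-based rules, not modelled */
    }
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const char *ok = "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<p>hi</p>";
    const char *bare = "<html>body with no status line</html>";
    printf("1.x strict=%d\n", may_store(ok, strlen(ok), 60, 1));
    printf("0.9 lenient=%d strict=%d\n", may_store(bare, strlen(bare), 60, 0),
           may_store(bare, strlen(bare), 60, 1));
    return 0;
}
```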