* Using squid 1.1.beta10, I found that URLs like
http://www.foo.bar.
and ^^^
http://www.foo.bar
(with or without a final point) were considered different.
I think it could be a good thing to choose one form and
convert all URLs to that form.
----
* To prevent hackers from tricking our cache into connecting to
unwanted service ports (especially for the gopher case),
I've set up this (laborious) rule:
acl badports url_regex ^[a-z]+://[^:/]+:(0.*|[0-9]|[01234569][0-9]|[0-9][0-9][0-9]|10[012][0-9]|6[0-9][0-9][0-9][0-9].*)[^0-9]
http_access deny badports
-> this prevents connections to reserved ports except ports from 70 to 89
-> 0.* should not be necessary because it seems that leading 0s are removed from the port number.
-> ports over 60000 (should be 65535 but...) are blocked (to avoid wrap around)
I think this is not an optimal way of doing it, but it's a first step.
Maybe this problem could be addressed by a specific configuration option
to avoid this slow and awful regex matching.
Comments welcome!
LF.
--
Laurent FACQ - facq@u-bordeaux.fr (05.56.84.65.34) - Reseau REAUMUR / Bordeaux
Received on Wed Nov 06 1996 - 07:01:24 MST
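
Added example, not part of the original message and not Squid code: a Python check that runs the posted badports pattern over constructed URLs and lists where it disagrees with a numeric port test of the intent stated above. The numeric policy (deny below 1024 except 70-89, deny above 65535), the helper names and the sample URLs are assumptions; Squid uses its own regex library, but this pattern gives the same match/no-match result in Python's re.

```python
import re

# The badports pattern exactly as posted in the message above.
BADPORTS = re.compile(
    r"^[a-z]+://[^:/]+:(0.*|[0-9]|[01234569][0-9]|[0-9][0-9][0-9]"
    r"|10[012][0-9]|6[0-9][0-9][0-9][0-9].*)[^0-9]"
)
# Helper pattern (added here) that pulls out an explicit port as digits.
PORT = re.compile(r"^[a-z]+://[^:/]+:([0-9]+)")


def regex_denies(url):
    """True if the posted url_regex pattern matches the URL."""
    return BADPORTS.search(url) is not None


def policy_denies(url):
    """Numeric form of the stated intent (assumed policy): deny reserved
    ports (< 1024) except 70-89, and deny anything above 65535."""
    m = PORT.match(url)
    if m is None:
        return False  # no explicit port, so the scheme default applies
    port = int(m.group(1))
    if port > 65535:
        return True
    return port < 1024 and not 70 <= port <= 89


def differences(urls):
    """URLs where the regex and the numeric policy disagree."""
    return [(u, regex_denies(u), policy_denies(u))
            for u in urls if regex_denies(u) != policy_denies(u)]


# Constructed sample URLs (www.foo.bar is the host used in the post).
SAMPLES = [
    "http://www.foo.bar/",
    "http://www.foo.bar:25/",
    "gopher://www.foo.bar:70/",
    "http://www.foo.bar:8080/",
    "http://www.foo.bar:1025/",
    "http://www.foo.bar:61000/",
    "http://www.foo.bar:65536/",
    "http://www.foo.bar:70000/",
]

if __name__ == "__main__":
    for url, by_regex, by_policy in differences(SAMPLES):
        print(f"{url:30} regex_deny={by_regex} policy_deny={by_policy}")
```

On these samples the two checks differ for ports 1025 and 61000 (denied by the pattern only) and for 70000 (denied by the numeric test only), which is the kind of drift a numeric port option would avoid.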