On Tue, 1 Jun 1999, Nottingham, Mark (Australia) wrote:
> HOWEVER, it is possible for users to bypass this redirection in some cases.
> Because Web servers will ignore the query (?), parameter (;) and fragment
> (#) portions of the URL, including them can bypass the redirector regex,
> while still downloading the content. For instance,
> http://www.foo.com/bar.mp3?
> will, in many cases, get around the above regex.
>
> If you'd like to be The Man and keep the people down, try a regex like this:
>
> \.mp3([;#\?].*)*$
You'll probably find that \.mp3\b ('\b' being any character in the
word-boundry class) would do as well, and is what I have been using
for several months. It has caught every URL I've thrown at it for
testing purposes, as well as every URL the users have thrown at it.
:-)
Using the word-boundry class is useful in lots of other places, too...
I block banner sites thusly:
\bdoubleclick\.net
\bhyperbanner\.net
\bimgis\.com
\badforce\.com
\bsmartclicks\.com
etc...
This will catch any URL you can think of to any of these sites,
including those redirecting URLs such as
http://www.somesite.com/banner.cgi?http://foo.doubleclick.net/bar
I haven't done any benchmarks, but it might even be faster than
defining an arbitrary character class to match the situation.
-- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
FreeBSD: The fastest and most stable server OS on the planet.
For Intel x86 and Alpha architectures (SPARC under development).
( http://www.freebsd.org )
"One should admire Windows users. It takes a great deal of
courage to trust Windows with your data."
Received on Mon May 31 1999 - 20:37:08 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:31 MST