Re: [squid-users] Squid 3.2.0.18 vs 2.7 - apostrophe in access.log - who must escape the client or Squid ?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 13 Jul 2012 11:11:44 +1200

On 12/07/2012 8:53 p.m., Bartel Viljoen wrote:
> Dear squid users.
>
> When using a client like FF/IE against Squid v3.2 and v2.7 with default logformat Squid always escape the apostrophes in the URL with %27 in the access.log
>
> When using a client like LINKS against Squid v3.2 and v2.7 with default logformat Squid only escape the apostrophes in the URL with %27 in the access.log with v2.7 and not with v3.2
>
> I assume clients like FF/IE escape the URL before passing it to Squid ?

Yes.

>
> Is this a possible bug in Squid v3.2 since Squid 2.7 does the proper escaping before logging it to access.log.
>
> The reason I'm asking is, I have a daemon as logger and now need to escape the URL value in the daemon since Squid v3.2.
>
> Who must escape the URL the client or Squid ?

Depends n which RFC they are following.

RFC 1738 states apostrophe (%27) is not a reserved character ad can be
ignored completely
"

    Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
    reserved characters used for their reserved purposes may be used
    unencoded within a URL.
"

RFC 3986 names apostrophe a reserved sub-delim
"

characters in the reserved
    set are protected from normalization and are therefore safe to be
    used by scheme-specific and producer-specific algorithms for
    delimiting data subcomponents within a URI.

"
and
"

URI producing applications should percent-encode data octets that
    correspond to characters in the reserved set unless these characters
    are specifically allowed by the URI scheme to represent data in that
    component.
"

In regard to this character squid complies with both.

Amos
Received on Thu Jul 12 2012 - 23:11:57 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 13 2012 - 12:00:02 MDT