Hello,
I'm watching something strange with digest and squid
With an url like this http://www.hercules.com/thumb/phpThumb.php?q=95&w=110&h=110&src=D:\inetpub\www.hercules.com\fichier\h_photo\883\photo_file_eplugnano500.715.png&f=jpeg&bg=FFFFFF
Squid breaks the identification and loop to replay user/password
After many tests, this kinds of url are enough
http://test.xx/test.php?=d:\
http://test.xx/test.php?c\
http://test.xx/test.php=?c\
http://test.xx/testphp=?c\
And also
http://test.xx/testphp?test\
http://test.xx/testphp?test\test
But
http://test.xx/test.php?=c: -> no problem
http://test.xx/test.php=c:\ -> no problem
http://test.xx/testphp\test\test -> no problem
A link between ? - ? and \ -
Same problem with Firefox or IE
Each request my nonce change:
http://test.xx/testphp?test\test
Digest username=\"fb\", realm=\"TEST\", nonce=\"csZ3UvgEvgy1JyB8\", uri=\"/testphp?test\\test\", response=\"9d45408e10947be1e3b30687debdaf59\", qop=auth, nc=00000007, cnonce=\"7dd57eb66bea3863\"
Digest username=\"fb\", realm=\"TEST\", nonce=\"s8Z3UtjMpgybCDlF\", uri=\"/testphp?test\\test\", response=\"ba4e42e292a37e4608197c9eaa027e36\", qop=auth, nc=00000001, cnonce=\"e445e6971c14a053\"
Any help would be appreciated
Received on Mon Nov 04 2013 - 16:21:29 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 04 2013 - 12:00:08 MST