Re: [squid-users] ACL to match %AA

From: Stefan Bohm <mlists@dont-contact.us>
Date: Fri, 10 Mar 2006 17:14:21 +0100

Hi Henrik,

I tracked down the problem to the external redirect program squidGuard.
This program seems to detect URLs longer than 4k. Logging them generates
a buffer overflow from which it does not recover until the squid reloads.
When this happens to one of the first externals redirectors, all requests
to this client are answered by an empty string. I assume this is interpreted
as "no change" and generates a forwarding loop?

So everything seems to be fine with squid.

Thanks and have a nice weekend
Stefan

Henrik Nordstrom schrieb:
> ons 2006-03-08 klockan 12:00 +0100 skrev Stefan Bohm:
>> Hello Henrik,
>>
>> do you have any idea, what might cause the "Forwarding loop detected"
>> problem, after someone submits the strange URL containing lots of %NN chars?
>
> What does access.log say?
>
>
>> As I said wrote before, this can only be resolved be reloading the squid.
>>
>> Regards
>> Stefan
>>
>> Henrik Nordstrom schrieb:
>>> tis 2006-03-07 klockan 12:44 +0100 skrev mlists:
>>>> Hi folks,
>>>>
>>>> is there any way to set up an urlpath_regex that matches %AA in a URL?
>>> Only by having the normalized form of %AA in your pattern.
>>>
>>>> Before feeding the URL into the ACL regex, squid seems to urldecode
>>>> such fancy characters:
>>> Correct, as it would otherwise be trivial to bypass any pattern by
>>> simply %NN encode selected parts..
>>>
>>> Regards
>>> Henrik
Received on Fri Mar 10 2006 - 09:13:45 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST