RE: [squid-users] Strange HTTP Header causing error message fromsquid to user

From: Elsen Marc <[email protected]>
Date: Tue, 8 Mar 2005 15:48:40 +0100

 
>
> On Tue, 2005-03-08 at 13:17 +1300, Reuben Farrelly wrote:
>
> > I'll put a request in Fedora Core bugzilla, for the maintainer to
> > upgrade the package to -STABLE9..
> >
> > reuben
>
> Wow. thanks.
>
> So this is safe? Has anyone looked into the security aspects of very
> badly implemented HTTP Headers (and their Servers)?
>
 
 - Squid did,on recent releases and now offers the squid admin.
various choices :

# TAG: relaxed_header_parser on|off|warn
# In the default "on" setting Squid accepts certain forms
# of non-compliant HTTP messages where it is unambiguous
# what the sending application intended even if the message
# is not correctly formatted. The messages is then normalized
# to the correct form when forwarded by Squid.
#
# If set to "warn" then a warning will be emitted in cache.log
# each time such HTTP error is encountered.
#
# If set to "off" then such HTTP errors will cause the request
# or response to be rejected.
#

 M.
Received on Tue Mar 08 2005 - 07:50:07 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST