John Hardin wrote:
>
> Everybody:
>
> I'm trying to protect my users against the attacks outlined in
> http://www.sidesport.com/hijack/
>
> I tried adding a deny url_regex ACL for "\%3Cscript\%20", but it looks
> like url_regex ignores the text after ? in a CGI URL.
Seems to work fine here.
I tried
acl no url_regex notthis
http_access deny no
Then requested "http://localhost/something?notthis" and it got properly
denied.
Most likely your regex pattern does not match the request. Try with
egrep.
egrep 'your_regex'
http://....
-- Henrik Nordstrom Squid HackerReceived on Fri Jun 15 2001 - 14:28:02 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:46 MST