On Tue, Oct 03, 2017 at 06:57:45PM +0200, Marcus Ulbrich wrote:
> Hey Jarno,
> 
> This seems to work stable!
> The idea for this acl was to prevent attackers testing for example MySQL 
> injection by sleep command. "sleep" is in none of our URLs!
> Do you have an idea about an acl about this not crashing haproxy?

I wouldn't be surprised if there was an issue for example with a %00 causing
a length mismatch between two parts. At least now we have an idea where to
look for the bug. It shouldn't take very long anymore to spot the problem.

Willy
