23.10.2025 06:45, Amos Jeffries пишет:
On 22/10/2025 22:04, Dmitry Melekhov wrote:
22.10.2025 12:55, Stuart Henderson пишет:
On 2025-10-22, Dmitry Melekhov wrote:
22.10.2025 08:17, Amos Jeffries пишет:
Any server could easily respond with HTTPS on port 80 - especially
since the domain "http" is rare and likely crafted to exist by an
attacker.
Sorry, I don't see any real problem here, otherwise all squids
before 7
are affected.
"all squids before 7 are affected" - surely that's exactly why this was
tightened up?
I didn't see any CVE about this.
Two reasons for that.
* the bug is bad helper output. Which means the CVE would be issued
against the specific helper being used.
- that requires finding the broken ones, and hence the error messages.
* using a URL-rewrite helper for access control/permissions is a
Squid misconfiguration on the admins part.
- thus my encouragement to use ACLs better.
If it work- then I'll use acls, unfortunately now it does not now
Unfortunately we did find another Squid bug when fixing your config.
Making this change to Rejik will let it accept "%>a %>A" instead of
needing "%>a/%>A" in the external_acl_type line.
--- parse_input.c 2013-11-15 23:28:02.000000000 +1300
+++ parse_input.c 2025-10-23 15:42:35.016801899 +1300
@@ -86,7 +86,7 @@
// Digit 4
k=tmp;
c=0;
- while(*str!='/')
+ while(*str!='/' && *str!=' ')
{
if (*str==0 || c>2) return (-1);
*k++=*str++;
Thank you, it work now, about 1/2 of it.
rejik does not receive user's name, so it blocks access even it is
allowed for this user.
before, when it is redirector:
2025-10-22 08:13:43 PORNO: 192.168.22.229 dm ero-tits.club:443 (urls
rule: ero-tits.club)
now:
2025-10-23 10:01:59 PORNO: 192.168.22.229 - ero-tits.club:443 (urls
rule: ero-tits.club)
as you can see , now I don't have access to porno, this not acceptable ;-)
Seriously, could you tell me what I have to correct?
Thank you!
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
