Hello, I REALLY need a help here.
Nowadays we are using ACL system to avoid users access to some websites. Those users can only access a limited list of sites (around 30), any = place outside this list is blocked. I don't know how or when, but = somebody discovery a way to cheat those ACLs. Here is what's happeneing: Everybody can access the site www.telefutura.com.br, but nobody can = access the website www.uol.com.br. Now if any user type one of the three strings bellow the access to this = blocked website is grant (anyways you can only read the text of it = through, all the other links are broken). www.uol.com.br/telefutura.com.br www.uol.com.br/?telefutura.com.br www.uol.com.br/$telefutura.com.br What can I do to avoid it ? I already have some ACLs in place to avoid downloads and access to some = type of files - ex: .*\.mp3($|\/?) -, but I still don't know how to = handle those mixed URLs request. Sorry for my Bad English
