[squid-dev] [PATCH] Temporary fix to restore compatibility with Amazon

Alex Rousskov rousskov at measurement-factory.com
Thu Jul 16 01:16:16 UTC 2015


On 06/26/2015 06:44 AM, Amos Jeffries wrote:
> +            // invalid character somewhere in the line.
> +            // As long as we can find the LF, accept the characters
> +            // which we know are invalid in any URI, but actively used
> +            LfDelim.add('\0'); // Java
> +            LfDelim.add(' ');  // IIS
> +            LfDelim.add('\"'); // Bing
> +            LfDelim.add('\\'); // MSIE, Firefox
> +            LfDelim.add('|');  // Amazon


On 06/26/2015 09:40 AM, Alex Rousskov wrote:

> In your patch, please add support for all URI characters that we can
> support (or at least all the "unwise" ones from RFC 2396), not just the
> characters that recent deployments have already confirmed "as necessary
> to accommodate". We do not want to come back to this every time some app
> starts sending slightly malformed URIs.


Just got another bug report from the real world. This time it is about
the "^" character used in URLs on a Microsoft news site (probably coming
from some affiliated advertisement services).

I am posting this not to just to emphasize that the list of added
characters is too limited, but to re-emphasize that the whole "allow
what we know is actively used" approach is unfortunate. In your
long-term patch, please add support for all URI characters that we can
support (or at least all the "unwise" ones from RFC 2396).


Thank you,

Alex.



More information about the squid-dev mailing list