tor 2006-03-30 klockan 18:15 +0800 skrev Yoseph Basri: > Do you have idea how to solve this ? because without squid, the web > still can access. This server violates the HTTP protocol in a peculuar manner, and is rejected by Squid as the exact same violation to the protocol is used for bad purposes in attempts to poison the cache with false information for the purpose of defacing web sites, stealing traffic, stealing banking information and more ugly things.. In theory Squid could work around the broken site by cleaning up the response like it does for many other HTTP violations, but this has not been implemented for this specific violation. See cache.log for details on the specific protocol violation and the response splitting and request splitting advisories and the whitepapers referenced from there for more information on the security threats involved in this protocol violation. http://www.squid-cache.org/Advisories/ Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
