Matus UHLAR - fantomas wrote:
On Mon, 17 Mar 2008 11:31:39 +0000
"Robin Clayton" <twinturbo@xxxxxxx> wrote:
2.5-Stable-5
I have used squid for probably 8 years.
We see :)
It has recently come to my attention that sites with dynamic content
as denoted by a ? "question mark" are not being logged or blocked.
so for example searches on google do not show the full URL.
On 18.03.08 13:07, RW wrote:
I don't know much about 2.5 but in up-to-date versions, logging of query
urls is governed by "strip_query_terms". By default it's on to avoid
logging things like session IDs.
it's called privacy :)
It's called philanthropy: protecting idiots against themselves at ones
own cost.
No webmaster with any serious intentions of privacy publishes the
SESSION-IDs in visible URI. The sensible ones use session cookies,
nicely hidden from script-kiddies eyes, easily removed by
security-conscious users, and not getting in the way of smart users
direct-linking.
Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
