howard chen wrote:
Hello,
I notice some of our client is typing an additional dot at the end of
the domain, which make the squid ACL failed, e.g.
acl dstdomain_index dstdomain .example.com
So if client is using, e.g. http://www.example.com./, then ACL blocked
the client from accessing.
But in real sites this should be allowed? e.g. www.facebook.com./
No.
The trailing dot (.) is a DNS syntax label-terminator object (RFC 1035)
and is only allowed to be used in binary DNS packets.
Common usage has meant it now needs to be accepted in human-readable
displays or UI. But they should be translating it to RFC 1738 URL before
transmitting.
It should not be used in HTML, HTTP or other protocol transmitted URL.
Squid is RFC1738 compliant in its behavior.
Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
