
Re: transparent squid + clamav + https

Wed 2010-03-17 at 07:51 +0100, Henrik Nordström wrote:
> Wed 2010-03-17 at 03:53 +0000, Amos Jeffries wrote:
> 
> > During the infected period imaginary-HAVP scans the documents and sends a
> > large "clean" prefix to all visitors.
> >  BUT... aborts when the appended infection is detected. Browser is lucky
> > enough to notice the file is incomplete and retries later with a range
> > request for the missing bit.
> > 
> >  a) during the infected period the fetched ranges will never succeed.
> 
> ok.
> 
> >  b) after the infection is cleaned up the file will pass through
> > imaginary-HAVP and client will get a truncated version. With complete-file
> > being indicated.
> 
> Only if the server is seriously broken and uses the same cache validator
> for this modified response.
> 
> This is exactly why ETag SHOULD be used and not Last-Modified.

And I forgot to mention that clients accepting to merge such responses
are also broken as the object signature differs (different advertised
length) and MUST NOT be merged.

In-place alterations of files without change in size or last-modified are
trickier to detect, especially as many servers are known to not detect
that and still respond with the same ETag (Apache is one of them).

Regards
Henrik
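
The merge rule discussed in this message, as an added example (not code from the thread or from Squid): a 206 response is appended to a stored prefix only when the advertised length and a strong ETag both match. The function names, the dict layout and the policy of refusing to merge without a strong ETag are assumptions of the example.

```python
import re

# Content-Range: bytes first-last/complete-length ("*" = length unknown)
_CR = re.compile(r"^bytes (\d+)-(\d+)/(\d+|\*)$")

def parse_content_range(value):
    m = _CR.match(value.strip())
    if not m:
        raise ValueError("unparseable Content-Range: %r" % value)
    first, last = int(m.group(1)), int(m.group(2))
    total = None if m.group(3) == "*" else int(m.group(3))
    if first > last or (total is not None and last >= total):
        raise ValueError("inconsistent Content-Range: %r" % value)
    return first, last, total

def strong_etag(headers):
    """Return the ETag if it is a strong validator, else None."""
    tag = headers.get("ETag", "").strip()
    if len(tag) < 2 or tag.startswith("W/") or tag[0] != '"' or tag[-1] != '"':
        return None
    return tag

def may_merge(stored, partial_headers):
    """Decide whether a 206 body may be appended to a stored prefix.

    stored: {"headers": dict, "length": bytes held, "total": advertised length}
    Returns (ok, reason). Header names are assumed already normalised.
    """
    first, _last, total = parse_content_range(partial_headers["Content-Range"])
    if total is None or total != stored["total"]:
        return False, "advertised length differs"
    if first != stored["length"]:
        return False, "range does not continue the stored prefix"
    old, new = strong_etag(stored["headers"]), strong_etag(partial_headers)
    if old is None or new is None:
        # Example policy: Last-Modified alone is not trusted for merging.
        return False, "no strong validator"
    if old != new:
        return False, "ETag differs"
    # Limit: an in-place edit that keeps size and ETag still passes this check.
    return True, "length and strong ETag match"

# Constructed sample: prefix cached while the file was advertised as 1500 bytes.
STORED = {"headers": {"ETag": '"v1"', "Last-Modified": "Tue, 16 Mar 2010 10:00:00 GMT"},
          "length": 1000, "total": 1500}

if __name__ == "__main__":
    # Same ETag reused after the file shrank to 1200 bytes: refused on length.
    print(may_merge(STORED, {"ETag": '"v1"', "Content-Range": "bytes 1000-1199/1200"}))
```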

