I am considering what to block.
When I am testing for urls and methods I have discovered that not all
requests are supported by the browsers and not all of the can contain
unwanted content.
For example a HEAD request cannot contain any body and there might not
to be filtered.
A PUT request cannot be issued without some sort of complex JS and this
comes from GET or POST requests only and also web services do not allow
the usage of PUT requests to fetch content even if it can be used for that.
So I am looking at the RFC and I think that maybe not all requests needs
to be inspected in a content filtering solution.
If the issue is security then it's one thing but in most cases it is not
required.
I am sure that GET and POST requests should be filtered but I am not
sure that in all cases it is required to filter all other http methods.
What do you think needs to be filtered?(in a more technical aspect)
Thanks,
Eliezer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
