On 24/08/2016 4:24 a.m., Diogenes S. Jesus wrote: >>>> If you want to do things like this safely please upgrade to Squid-4 >>>> where the logformat codes are available. Those codes provide >>>> customizable escaping and quoting styles so you can set one that >>>> protects LDAP against these attacks to be ued on the URI field value >>>> sent by Squid. >>> >>> You mean these <http://www.squid-cache.org/Doc/config/logformat/> >>> logformats are available to be used in acl / external acls @ squid.conf? >> Or? >>> >> >> Yes. I'm trying to get all the things in squid.conf that take/use a >> custom format to use the logformat code system. Squid-4 is the >> external_acl_type directives turn. >> >> All of them are available for use in the %FORMAT field. It only depends >> on whether the data any given code outputs exists at the point of >> transaction where your ACL gets used. >> >> Amos >> >> > Cool. I've compiled the latest beta of squid4 and tested. I was able to > move to "%>rd", the following works: > Doh!. Thanks for the patch it has now been applied to Squid-4. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
