W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Request Routing Information [was: Do we kill the

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Fri, 22 Feb 2013 18:49:12 +0000 (UTC)
To: ietf-http-wg@w3.org
Message-ID: <loom.20130222T194234-85@post.gmane.org>
Amos Jeffries <squid3@...> writes:

> Client, middlware, and routing infrastructure do not need to care about 
> the path+query portion for their operations other than as an opaque 
> blob. 

Unfortunately not true. We had cases where misbehaving users (that *knew* they
were misbehaving) changed dynamically the name of the accessed host, and the
only way to stop the damage was a path match (which fortunately was
discriminating).

And a lot of botnet attacks can be identified by the access to a special path,
which is the same on all infected servers users access to.

In all those cases the query portion is just garbage to be ignored, the path –
not.

'Do not need to care' is another word for 'no creative users'

--  
Nicolas Mailhot
Received on Friday, 22 February 2013 18:49:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 22 February 2013 18:49:51 GMT