- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Fri, 22 Feb 2013 18:49:12 +0000 (UTC)
- To: ietf-http-wg@w3.org
Amos Jeffries <squid3@...> writes: > Client, middlware, and routing infrastructure do not need to care about > the path+query portion for their operations other than as an opaque > blob. Unfortunately not true. We had cases where misbehaving users (that *knew* they were misbehaving) changed dynamically the name of the accessed host, and the only way to stop the damage was a path match (which fortunately was discriminating). And a lot of botnet attacks can be identified by the access to a special path, which is the same on all infected servers users access to. In all those cases the query portion is just garbage to be ignored, the path – not. 'Do not need to care' is another word for 'no creative users' -- Nicolas Mailhot
Received on Friday, 22 February 2013 18:49:48 UTC