- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 05 Aug 2012 12:31:55 +0000
- To: Amos Jeffries <squid3@treenet.co.nz>
- cc: ietf-http-wg@w3.org
In message <501E5A69.5000802@treenet.co.nz>, Amos Jeffries writes: >Only if you try to cache along the assumed filesystem hierarchy implicit >in URLs. Using the absolute URL as an opaque hash key (as Squid does) >instead of reading any meaning in its syntax avoids all these issues >completely. But opens you up to DoS attacks along the lines of: GET /ABCDEF.html GET /%41BCDEF.html GET /A%42CDEF.html ... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 5 August 2012 12:32:25 UTC