- From: Phillip Hallam-Baker <hallam@gmail.com>
- Date: Sun, 5 Aug 2012 12:23:42 -0400
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org

On Sun, Aug 5, 2012 at 8:31 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <501E5A69.5000802@treenet.co.nz>, Amos Jeffries writes:
>
>>Only if you try to cache along the assumed filesystem hierarchy implicit
>>in URLs. Using the absolute URL as an opaque hash key (as Squid does)
>>instead of reading any meaning in its syntax avoids all these issues
>>completely.
>
> But opens you up to DoS attacks along the lines of:
>
>         GET /ABCDEF.html
>         GET /%41BCDEF.html
>         GET /A%42CDEF.html
>         ...

Those are actually the same URL. Just different encodings.

--
Website: http://hallambaker.com/

Received on Sunday, 5 August 2012 16:24:09 UTC
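
The exchange above, as an added example that is not part of the original message or of any cache's actual code: a cache that keys on the URL can apply RFC 3986 section 6.2.2.2 percent-encoding normalization first, so the three request targets quoted in the thread collapse to one key. The names `cache_key` and `distinct_keys` are hypothetical, and lowercasing the whole authority assumes it carries no case-sensitive userinfo.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# RFC 3986 section 2.3 unreserved characters: decoding these never changes meaning.
UNRESERVED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def _normalize_pct(component: str) -> str:
    """Decode %XX only for unreserved characters; uppercase the hex of the rest.

    A single non-overlapping pass means "%2541" stays "%2541" (no double decode),
    and reserved characters such as "%2F" are never turned into delimiters.
    """
    def repl(match):
        ch = chr(int(match.group(1), 16))
        return ch if ch in UNRESERVED else "%" + match.group(1).upper()
    return PCT.sub(repl, component)


def cache_key(url: str) -> str:
    """Hypothetical helper: canonical form of a URL or request target for hashing."""
    parts = urlsplit(url)
    return urlunsplit((
        parts.scheme.lower(),
        parts.netloc.lower(),   # assumption: no case-sensitive userinfo present
        _normalize_pct(parts.path) or "/",
        _normalize_pct(parts.query),
        "",                     # fragments are not sent to the server
    ))


def distinct_keys(urls):
    """Number of cache entries a list of requests would create."""
    return {cache_key(u) for u in urls}


# Request targets quoted in the message above.
SAMPLE_TARGETS = ["/ABCDEF.html", "/%41BCDEF.html", "/A%42CDEF.html"]

if __name__ == "__main__":
    print(distinct_keys(SAMPLE_TARGETS))
```
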