Bugtraq mailing list archives
Re: SurfControl Bypass Vulnerability
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Fri, 23 Mar 2001 16:20:44 -0800
Paul Cardon <paul () MOQUIJO COM> writes:
Whatever software is doing that should be converting the "hostname" into something it can match. A small amount of translation never goes astray. When that is done, everything is either a hostname or a dotted-quad string and life is much easier.

Chris and I recommended to the vendors that everything be translated to a canonical form before matching (32-bit unsigned ints in network byte order are tremendously unambiguous).
A URL containing an IP address is not canonical for HTTP. HTTP 1.1 does virtual hosting via the "Host:" header, so multiple distinct servers can be on a single IP. If you restrict based on IP, you'll block access to both http://www.juicysex.com/ and http://www.bible-history.org/, should they both be on the same box.

----------------------------------------------------------------------
Dan Harkless                    | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net | do not mention this private email
SpeedGate Communications, Inc.  | address in Usenet posts.  Thank you.
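The two positions in this exchange (canonicalise every host to either a name or a 32-bit integer before matching, versus the observation that an IP rule cannot distinguish virtual hosts sharing one address) can be made concrete with a small filter model. The following is an added example written for this archive page; it is not SurfControl's code or any vendor's, and the host names, the 192.0.2.0/24 addresses and the `resolver` dictionary standing in for DNS are all constructed for illustration. `host_to_ipv4` follows classic `inet_aton` rules (1 to 4 components; hex, octal or decimal each), so a filter built on it matches a numeric host however it is spelled, while `virtual_host_tradeoff` shows what each rule type can and cannot see.

```python
"""Canonicalise URL hosts before filter matching (added example, not vendor code)."""
import re
from urllib.parse import urlsplit

# One numeric component as inet_aton accepts it: 0x-hex, leading-zero octal, or decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(text):
    """Return the integer value of one numeric component, or None if not numeric."""
    if not _PART.match(text):
        return None
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)
    return int(text)


def host_to_ipv4(host):
    """Return the host as an unsigned 32-bit integer if it is any inet_aton-style
    numeric form (a, a.b, a.b.c, a.b.c.d), else None. All components but the last
    must fit one octet; the last component fills the remaining bits."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    *octets, last = values
    if any(o > 0xFF for o in octets):
        return None
    last_bits = 8 * (4 - len(octets))
    if last >= 1 << last_bits:
        return None
    value = 0
    for o in octets:
        value = (value << 8) | o
    return (value << last_bits) | last


def canonical_host(url):
    """Return ("ip", int) or ("name", str) for the URL's host: numeric hosts become
    a 32-bit integer, names are lower-cased with any trailing dot removed."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("no host in URL: %r" % url)
    ip = host_to_ipv4(host)
    if ip is not None:
        return ("ip", ip)
    return ("name", host.rstrip(".").lower())


class HostFilter:
    """Block list whose entries are canonicalised once, at load time, so a request
    matches regardless of how its host is written. `resolver` (constructed, a dict
    of name -> dotted quad) stands in for DNS so IP rules can apply to named hosts."""

    def __init__(self, entries, resolver=None):
        self.blocked = {canonical_host("http://%s/" % e) for e in entries}
        self.resolver = resolver or {}

    def is_blocked(self, url):
        kind, value = canonical_host(url)
        if (kind, value) in self.blocked:
            return True
        if kind == "name" and value in self.resolver:
            return ("ip", host_to_ipv4(self.resolver[value])) in self.blocked
        return False


def virtual_host_tradeoff():
    """Two constructed virtual hosts share 192.0.2.1. A name rule leaves the other
    vhost alone but never sees a bare-address request; an IP rule catches every
    spelling of the address but blocks both vhosts, as Dan Harkless notes."""
    dns = {"www.blocked.example": "192.0.2.1", "www.other.example": "192.0.2.1"}
    name_rule = HostFilter(["www.blocked.example"], dns)
    ip_rule = HostFilter(["192.0.2.1"], dns)
    return {
        "name rule blocks target": name_rule.is_blocked("http://WWW.Blocked.Example./"),
        "name rule spares other vhost": not name_rule.is_blocked("http://www.other.example/"),
        "name rule sees numeric URL": name_rule.is_blocked("http://3221225985/"),
        "ip rule sees numeric URL": ip_rule.is_blocked("http://0xC0000201/"),
        "ip rule blocks other vhost too": ip_rule.is_blocked("http://www.other.example/"),
    }


if __name__ == "__main__":
    for label, outcome in virtual_host_tradeoff().items():
        print("%-32s %s" % (label, outcome))
```

The point the model makes explicit: canonicalising to a 32-bit integer removes the spelling ambiguity in numeric hosts, but the choice of rule key is a separate decision with a cost either way, and a filter that only has names to match can never be complete against bare-address URLs without resolving them.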
Current thread:
- SurfControl Bypass Vulnerability Witter, Franklin (Mar 21)
- Re: SurfControl Bypass Vulnerability skelly (Mar 22)
- Re: SurfControl Bypass Vulnerability Don Weber (Mar 22)
- <Possible follow-ups>
- Re: SurfControl Bypass Vulnerability Witter, Franklin (Mar 22)
- Re: SurfControl Bypass Vulnerability Chris St. Clair (Mar 22)
- Re: SurfControl Bypass Vulnerability Darren Reed (Mar 23)
- Re: SurfControl Bypass Vulnerability Paul Cardon (Mar 23)
- Re: SurfControl Bypass Vulnerability Dan Harkless (Mar 25)
- Re: SurfControl Bypass Vulnerability Ben Ford (Mar 26)
- Re: SurfControl Bypass Vulnerability Valdis Kletnieks (Mar 26)
- Re: SurfControl Bypass Vulnerability c0ncept (Mar 26)
- Re: SurfControl Bypass Vulnerability Ryan Russell (Mar 26)
- Re: SurfControl Bypass Vulnerability Darren Reed (Mar 23)