Firewall Wizards mailing list archives
URI Filtering in Web Servers???
From: Boni Bruno <boni () dsw net>
Date: Thu, 09 Aug 2001 00:59:54 +0000
I was wondering why apache, iPlanet, IIS, Oracle, etc have not built a module to filter uri submissions to their web server. Instead of waiting for patches to be made available by these vendors, it seems a lot easier to just have a file that the web server could reference as a filter before processing a request. Having a filter file that supports wildcards and restricts meta characters and size of uri requests can solve a lot of security problems. I know you can do this with IDS systems, but why not handle it in the web server itself? The designer of a web site could filter everyting but his programs. If he did not program buffer restrictions or traps or sandboxes in his code, the web server could compensate for a lot of short commings if such a uri filtering scheme was made available. I know this does not address all the security problems, but I think it will help a lot! What do you think? Mr. Ranum, did you address this in your WEB Security book??? If I'm way off base here, forgive me... Regards, boni bruno _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- URI Filtering in Web Servers??? Boni Bruno (Aug 10)