[squid-users] squid 7.1 , url_rewrite_program does not work

Amos Jeffries squid3 at treenet.co.nz
Thu Oct 23 02:45:15 UTC 2025


On 22/10/2025 22:04, Dmitry Melekhov wrote:
> 22.10.2025 12:55, Stuart Henderson wrote:
>> On 2025-10-22, Dmitry Melekhov wrote:
>>> 22.10.2025 08:17, Amos Jeffries wrote:
>>>> Any server could easily respond with HTTPS on port 80 - especially
>>>> since the domain "http" is rare and likely crafted to exist by an
>>>> attacker.
>>> Sorry, I don't see any real problem here, otherwise all squids before 7
>>> are affected.
>> "all squids before 7 are affected" - surely that's exactly why this was
>> tightened up?
>>
>>
> I didn't see any CVE about this.
> 

Two reasons for that.

  * the bug is bad helper output, which means the CVE would be issued 
against the specific helper being used.

   - that requires finding the broken ones, and hence the error messages.

  * using a URL-rewrite helper for access control/permissions is a Squid 
misconfiguration on the admin's part.

   - thus my encouragement to use ACLs better.

Unfortunately we did find another Squid bug when fixing your config.


Making this change to Rejik will let it accept "%>a %>A" instead of 
needing "%>a/%>A" in the external_acl_type line.

--- parse_input.c	2013-11-15 23:28:02.000000000 +1300
+++ parse_input.c	2025-10-23 15:42:35.016801899 +1300
@@ -86,7 +86,7 @@
      // Digit 4
      k=tmp;
      c=0;
-    while(*str!='/')
+    while(*str!='/' && *str!=' ')
      {
       if (*str==0 || c>2) return (-1);
       *k++=*str++;
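
Review bot: the new condition `while(*str!='/' && *str!=' ')` for digit 4 treats exactly one extra character, a plain space, as a terminator, so a tab or any other whitespace between the two fields is still not recognised as the end of the octet. If only the "%>a %>A" form is meant to be supported, a short comment beside the condition saying so would document the accepted input formats. The code that follows this loop is outside the hunk, so it should be checked that it steps over the delimiter without assuming it is '/', otherwise the field after the address would be read from the wrong position when a space was the separator.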



HTH
Amos


