[squid-users] squid 7.1 , url_rewrite_program does not work

Dmitry Melekhov dm at belkam.com
Thu Oct 23 06:12:19 UTC 2025


23.10.2025 06:45, Amos Jeffries wrote:
> On 22/10/2025 22:04, Dmitry Melekhov wrote:
>> 22.10.2025 12:55, Stuart Henderson wrote:
>>> On 2025-10-22, Dmitry Melekhov wrote:
>>>> 22.10.2025 08:17, Amos Jeffries wrote:
>>>>> Any server could easily respond with HTTPS on port 80 - especially
>>>>> since the domain "http" is rare and likely crafted to exist by an
>>>>> attacker.
>>>> Sorry, I don't see any real problem here, otherwise all squids before 7
>>>> are affected.
>>> "all squids before 7 are affected" - surely that's exactly why this was
>>> tightened up?
>>>
>>>
>> I didn't see any CVE about this.
>>
>
> Two reasons for that.
>
>  * the bug is bad helper output. Which means the CVE would be issued 
> against the specific helper being used.
>
>   - that requires finding the broken ones, and hence the error messages.
>
>  * using a URL-rewrite helper for access control/permissions is a 
> Squid misconfiguration on the admin's part.
>
>   - thus my encouragement to use ACLs better.


If it works, then I'll use ACLs; unfortunately, it does not work now.

>
> Unfortunately we did find another Squid bug when fixing your config.
>
>
> Making this change to Rejik will let it accept "%>a %>A" instead of 
> needing "%>a/%>A" in the external_acl_type line.
>
> --- parse_input.c    2013-11-15 23:28:02.000000000 +1300
> +++ parse_input.c    2025-10-23 15:42:35.016801899 +1300
> @@ -86,7 +86,7 @@
>      // Digit 4
>      k=tmp;
>      c=0;
> -    while(*str!='/')
> +    while(*str!='/' && *str!=' ')
>      {
>       if (*str==0 || c>2) return (-1);
>       *k++=*str++;
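
Review bot: the changed `while` condition now ends the fourth octet on either '/' or ' ', but nothing in this hunk adjusts the code that runs after the loop. If that code still assumes the character at `*str` is '/' and that another '/'-introduced field follows the address, then space-separated input will shift every later field by one position. Please check the token parsing that follows this loop against both input forms, and extend the `// Digit 4` comment to say which delimiters are accepted and why. The `*str==0 || c>2` guard still bounds the copy into `tmp` for both delimiters, so no change is needed there.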
>
Thank you, it works now, about 1/2 of it.

rejik does not receive the user's name, so it blocks access even if it is 
allowed for this user.


Before, when it was a redirector:

2025-10-22 08:13:43 PORNO: 192.168.22.229  dm ero-tits.club:443 (urls 
rule: ero-tits.club)

Now:

2025-10-23 10:01:59 PORNO: 192.168.22.229  - ero-tits.club:443 (urls 
rule: ero-tits.club)


As you can see, now I don't have access to porno, this is not acceptable ;-)


Seriously, could you tell me what I have to correct?


Thank you!



