There are some "reasonable" length limitations, like limiting maximal http header size. As far as I remember, though, most cases of exploits that were unable to sneak through were some m$-specific url encoding abuses that are just unsupported by proxy.

On Fri, Oct 04, 2002 at 10:26:38AM -0400, Paul D. Robertson wrote:
> On Fri, 4 Oct 2002 arkat_private wrote:
>
> > Sometimes. It is often prevented _before_ vulnerability is known if
> > the exploit breaks http protocol, otherwise you can block it with regexp.
>
> Every time I've looked at the protocol spec, it's been a sieve- there
> aren't length definitions in most of the specification. Could you provide
> some examples of things which break the protocol please?
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> probertsat_private      which may have no basis whatsoever in fact."
> probertsonat_private Director of Risk Assessment TruSecure Corporation

--
/Arkan#iD
CU in Hell
Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
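
[Added example, not part of the original message or of any proxy mentioned in the thread.] A sketch of the kind of check discussed above: a proxy that refuses a request head when it exceeds a length limit, does not parse as HTTP/1.x, or carries a URL escape that is not standard percent-encoding. The limit values and the name check_request_head are assumptions chosen for illustration; the thread gives no numbers.

```python
import re

# Assumed limits for illustration; the thread names no specific values.
MAX_REQUEST_LINE = 2048
MAX_HEADER_BYTES = 8192
MAX_HEADER_COUNT = 64

# Request line: METHOD SP target SP HTTP/1.0 or HTTP/1.1, single spaces only.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")
# Header line: an RFC 7230 token, a colon, then a value without NUL/CR/LF.
HEADER_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[^\x00\r\n]*$")
# A '%' not followed by two hex digits is not valid percent-encoding (RFC 3986).
BAD_ESCAPE = re.compile(rb"%(?![0-9A-Fa-f]{2})")


def check_request_head(raw: bytes) -> str:
    """Return 'ok', or the reason a strict proxy would refuse this request head."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    # Size is checked first so an unterminated flood is refused on length alone.
    if len(head) > MAX_HEADER_BYTES:
        return "head too large"
    if not sep:
        return "incomplete head"
    lines = head.split(b"\r\n")
    if len(lines[0]) > MAX_REQUEST_LINE:
        return "request line too long"
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return "malformed request line"
    if BAD_ESCAPE.search(match.group(2)):
        return "invalid percent-encoding"
    if len(lines) - 1 > MAX_HEADER_COUNT:
        return "too many headers"
    for line in lines[1:]:
        if not HEADER_LINE.match(line):
            return "malformed header"
    return "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"GET /a%zz HTTP/1.0\r\n\r\n",
        b"GET / HTTP/1.1\r\nX-Pad: " + b"A" * 9000 + b"\r\n\r\n",
    ]
    for sample in samples:
        print(check_request_head(sample))
```

Checks like these refuse input because it is not well-formed HTTP or exceeds the configured size, not because it matches a known exploit signature.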
This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 07:48:06 PDT