/ Zope / Apsis / Pound Mailing List / Archive / 2005 / 2005-11 / Checking the URL

[ << ] [ >> ]

[ SSL Vhosts in Pound 2 / "MW Mike Weiner ... ] [ Simple Load Balancing 2.0 Config / Eric McCarthy ... ]

Checking the URL
Gaetan OFFREDO <gaetan.offredo(at)alcatel.fr>		 2005-11-28 14:53:28 [ FULL ] 
Hello all

I configured pound (version 1.9.x) on my LAN to be as secure as possible
For this I set the option CheckURL to 1

We have an in-house developped client on our LAN, requesting a CGI resource 
with an URL that has semicolons in its query part.

This request is automatically rejected by Pound (because of the semicolons)

Reading RFC2396 (URI generic syntax) I cannot see that the query part of URLs 
should be checked by any entity but the resource itself. Which standards do 
you refer to for checking the query part ?

If we suppose that Pound can verify the query part of URLs, which RFC do you 
refer to reject the semicolons in the query part ?

Thanks

Gaëtan
Re: Checking the URL
Gaetan OFFREDO <gaetan.offredo(at)alcatel.fr>		 2005-11-30 08:56:20 [ FULL ] 
Thank you Andrew (Taylor) for your explanation to configure Pound with the 
CSSegment, ... directive

(I have an in-house developped client on our LAN, requesting a CGI resource 
with an URL that has semicolons in its query part.
If I test it with Pound as a reverse proxy, the request is rejected by Pound
Is a CGI resource request  with semicolons correct ?)

But my need is :

I want my client to work in ANY infrastuctures and NOT SPECIFICALLY with Pound

So, my questions :
. Reading RFC2396 (URI generic syntax) I cannot see that the query part of
  URLs should be checked by any entity but the resource itself. Which
  standards do you refer to for checking the query part ?

. Which RFC was the Pound programmers to reject the semicolons in the query
  part ?

Thanks a lot

Gaëtan

On Mon November 28 2005 14:53, Gaetan OFFREDO wrote:[...]
[...]
MailBoxer