Bugtraq: Re: blocking gzip encoded files

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: blocking gzip encoded files

From: "Josep L. Guallar-Esteve" <guallar () easternrad com>
Date: Tue, 24 Feb 2004 13:00:47 -0500

On Monday 23 February 2004 05:38 pm, Darwin Mecham wrote:

It has recently come to my attention that most browsers happily
do Accept-encoding: gzip and streaming decompression of
HTML data received with Content-encoding: gzip
 without asking.


This is because most browsers support HTTP-1.1 standard.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
http://www.w3.org/Talks/9608HTTP/
http://www.seoconsultants.com/articles/1000/http-compression.asp

This has been in use since sometime in 1998.


IIRC, HTTP 1.1 was endorsed by W3C ~ 1999

Is there a way to configure the run-of-the-mill browser to
block these at the host level ?


You can disable HTTP 1.1 compliance if you wish.

Darwin



Regards,
Josep
-- 
Josep L. Guallar-Esteve         Eastern Radiologists, Inc.
Systems and Network Administration  http://www.easternrad.com

By Date By Thread

Current thread:

Re: Windows XP explorer.exe heap overflow., (continued)
- Re: Windows XP explorer.exe heap overflow. Tim (Feb 24)
- Re: Windows XP explorer.exe heap overflow. Chris Calabrese (Feb 23)
  - blocking gzip encoded files Darwin Mecham (Feb 23)
    - Re: blocking gzip encoded files mgotts (Feb 24)
    - Re: blocking gzip encoded files Josep L. Guallar-Esteve (Feb 24)
- RE: Windows XP explorer.exe heap overflow. Michael Wojcik (Feb 23)