Re: Support for HTTP Upgrade in transparent proxy

its ok James :) Von meinem iPhone 5 gesendet > Am 23 yan, 2014 um 21:08 schrieb "James Peach" : > >> On Jan 23, 2014, at 1:11 AM, Bahram Akhundov wrote: >> >> Hi Marcelo. >> I have found bug :) >> If traffic server the latest version installed (4.1.2) , i can XSS and SQL >> injection make :)

Re: Support for HTTP Upgrade in transparent proxy

On Jan 23, 2014, at 1:11 AM, Bahram Akhundov wrote: > Hi Marcelo. > I have found bug :) > If traffic server the latest version installed (4.1.2) , i can XSS and SQL > injection make :) > The latest version have vuln :) > I will ddos onw eb site, then the traffic server will caching the web site,

Re: Support for HTTP Upgrade in transparent proxy

The web site have no XSS or SQJ injection :) I'm security man =) i know what are what not are ... The web server traffic have back door and geve me acces to SQL injection :)

RE: Support for HTTP Upgrade in transparent proxy

@Bahram: That sounds me like a normal behavior (ATS caches http traffic), if a website is vulnerable to XSS it remains so also if you put it beyond ATS, why it shouldn't?

Re: Support for HTTP Upgrade in transparent proxy

HTTP Upgrade in transparent proxy I will be happy to help as well. Regards, Shaun -Original Message- From: Alan M. Carroll [mailto:a...@network-geographics.com] Sent: Tuesday, January 21, 2014 3:41 PM To: dev@trafficserver.apache.org Subject: Re: Support for HTTP Upgrade in transparent

RE: Support for HTTP Upgrade in transparent proxy

...@owmobility.com] Sent: Wednesday, January 22, 2014 11:29 PM To: dev@trafficserver.apache.org Subject: RE: Support for HTTP Upgrade in transparent proxy I will be happy to help as well. Regards, Shaun -Original Message- From: Alan M. Carroll [mailto:a...@network-geographics.com] Sent: Tuesday

RE: Support for HTTP Upgrade in transparent proxy

I will be happy to help as well. Regards, Shaun -Original Message- From: Alan M. Carroll [mailto:a...@network-geographics.com] Sent: Tuesday, January 21, 2014 3:41 PM To: dev@trafficserver.apache.org Subject: Re: Support for HTTP Upgrade in transparent proxy Tuesday, January 21, 2014

Re: Support for HTTP Upgrade in transparent proxy

Tuesday, January 21, 2014, 6:01:17 AM, you wrote: > Hi, > I implemented a solution for HTTP Upgrade in ATS under Seamless Access SW (a > Mobixell product). > We'll be happy to contribute with the solution but I don't know what the > procedure is. I can take point on that. Do you have access t

RE: Support for HTTP Upgrade in transparent proxy

aun.mcginn...@gmail.com] Sent: Monday, January 20, 2014 12:43 PM To: dev@trafficserver.apache.org Subject: Support for HTTP Upgrade in transparent proxy Hi, are any intentions to support HTTP Upgrade in a transparent proxy deployment? For example when a client requests an upgrade to web-sockets

Support for HTTP Upgrade in transparent proxy

Hi, are any intentions to support HTTP Upgrade in a transparent proxy deployment? For example when a client requests an upgrade to web-sockets we see ATS remove the Connection: upgrade and Upgrade: websocket headers (because they are hop-by-hop) but this breaks the upgrade end-to-end. Ideally it