On Thu, 4 May 2017, Chip M. wrote:
John, how about a rule against the redirection parameter itself
(i.e. "redirect_uri")? I suspect it'll hit too much ham, however
it would make a great meta combined with obscure/cheap TLDs,
and/or other characteristics.
I've added that to my own MassCheck queue, and will report back.
Take a look at "redirector_pattern" use in 20_uri_tests.cf and
hstern/20_uri_tests.cf.
It looks like several google redirector patterns are present, but not a
redirect via accounts.google.com, that's new.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The world has enough Mouse Clicking System Engineers.
-- Dave Pooser
-----------------------------------------------------------------------
4 days until the 72nd anniversary of VE day
