[33920] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

blocking gzip encoded files

daemon@ATHENA.MIT.EDU (Darwin Mecham)
Mon Feb 23 19:23:51 2004

Message-ID: <403A80EF.1080900@cissp.com>
Date: Mon, 23 Feb 2004 15:38:39 -0700
From: Darwin Mecham <darwin@cissp.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <20040223213107.55252.qmail@web41503.mail.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-MDaemon-Deliver-To: bugtraq@securityfocus.com
X-MDRcpt-To: bugtraq@securityfocus.com

It has recently come to my attention that most browsers happily
do Accept-encoding: gzip and streaming decompression of
HTML data received with Content-encoding: gzip
 without asking.

This has been in use since sometime in 1998.

Is there a way to configure the run-of-the-mill browser to
block these at the host level ?

Darwin


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[33920] in bugtraq

blocking gzip encoded files

daemon@ATHENA.MIT.EDU (Darwin Mecham)Mon Feb 23 19:23:51 2004

daemon@ATHENA.MIT.EDU (Darwin Mecham)
Mon Feb 23 19:23:51 2004