Some users have been known to bury information in headers that should not leave a
security-conscious site. Clearly, it is not possible to individually screen all possible
headers. Instead, one approach might simply be to reject messages that contain more
than 25 headers or more than 10,000 bytes of headers. The following extract from a
site's mc file does just that:
LOCAL_CONFIG
Kcompute arith
LOCAL_RULESETS
Scheck_eoh
R $* $| $* $: $(compute l $@ 25 $@ $1 $) $| $2
R TRUE $| $* $#error $@ 5.7.0 $: "553 Too many headers"
R $* $| $* $: $(compute l $@ 10000 $@ $2 $)
R TRUE $#error $@ 5.7.0 $: "553 Too many header bytes"
The LOCAL_CONFIG part of this mc file declares an arith database map (§23.7.1
on page 898) named compute.
The LOCAL_RULESETS part of this mc file declares the specially named rule set
check_eoh, which has four rules.
The first rule passes $1, the value to the left of the $| in the workspace, to the compute
database map. A comparison is made to see whether 25 is less than that value. If it is,
this rule will return TRUE, a $|, and $2 in the workspace. Otherwise, it will return
FALSE, a $|, and $2.
The second rule checks to see whether the comparison was true. If it was (if 25 is less
than the number of headers, that is, if the number of headers is greater than 25), the
message is rejected.
The third rule passes $2, the value to the right of the $| in the workspace, to the compute
database map.
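The same policy reproduced outside sendmail, as an added example that is not from the book or from sendmail's own code: it derives the two counts that sendmail hands to check_eoh from a raw message and applies the four rules in order. It assumes header byte size is the length of the header block including line terminators; sendmail's own accounting may differ slightly.

```python
"""Emulation of the check_eoh policy from the mc extract above.

sendmail calls check_eoh with "<header count> $| <header bytes>" in the
workspace; the arith map's "l" operation yields TRUE when its first
argument is less than its second.
"""
import re

MAX_HEADERS = 25          # rule 1: reject when 25 < header count
MAX_HEADER_BYTES = 10000  # rule 3: reject when 10000 < header bytes


def arith_l(a: int, b: int) -> str:
    """Mimic $(compute l $@ a $@ b $): "TRUE" when a < b, otherwise "FALSE"."""
    return "TRUE" if a < b else "FALSE"


def split_header_block(raw: bytes) -> bytes:
    """Header block = everything before the first empty line (CRLF or LF)."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw if m is None else raw[: m.start()]


def count_headers(raw: bytes) -> tuple[int, int]:
    """Return (number of header fields, header block size in bytes).

    A line starting with SP or HTAB is a folded continuation of the previous
    field and is not counted again.  Byte size (assumption, see lead-in) is
    the length of the whole header block including line terminators.
    """
    block = split_header_block(raw)
    fields = sum(1 for line in block.splitlines()
                 if line and not line.startswith((b" ", b"\t")))
    return fields, len(block)


def check_eoh(nheaders: int, nbytes: int):
    """Apply the four rules to the workspace "nheaders $| nbytes".
    Returns None when the message passes, else the (DSN, reply) pair
    that $#error would hand back."""
    if arith_l(MAX_HEADERS, nheaders) == "TRUE":        # rules 1 and 2
        return ("5.7.0", "553 Too many headers")
    if arith_l(MAX_HEADER_BYTES, nbytes) == "TRUE":     # rules 3 and 4
        return ("5.7.0", "553 Too many header bytes")
    return None


def screen_message(raw: bytes):
    """Derive the counts from raw message bytes and run check_eoh on them."""
    return check_eoh(*count_headers(raw))


# Constructed sample message (not from the page): three fields, one folded.
SAMPLE = (b"From: alice@example.com\r\nTo: bob@example.com\r\n"
          b"Subject: folded\r\n subject line\r\n\r\nbody\r\n")
```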