Untitled

Title: Perhaps you are leaking private URLs to BlueCoat Date: 2014-06-21 10:20 Category: security Tags: security Slug: perhaps-you-are-leaking-private-URLs-to-BlueCoat Author: someone Summary: URLs leak to BlueCoat

While troubleshooting NGINX I’ve found interesting log lines:

::text
       199.19.249.196 - - [17/Jun/2014:12:26:17 +0000] "GET /very/secret-url HTTP/1.1" 401 596 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
       X9X.X1X.X9.X - - [17/Jun/2014:12:26:18 +0000] "GET /very/secret-url HTTP/1.1" 401 596 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"

Basicaly BlueCoat proxy verifies URLs ahead of real request. I’m sure that could be turned ON/OFF. Just be careful.