Idle Hacking

Thought it would be a good time to share this. Mongrel ESI, is a little project I’ve been working on for a few months now. It provides a simple means of caching views. You can include cachable fragments in a page by using the <esi:include tag.

You can invalidate fragments by using the <esi:invalidate tag

The cache server works as a proxy server. To configure how it proxies, modify the config/routes.yml

insurance:
  host: 127.0.0.1
  port: 3001
  match_url: ^\/(special_app).*
default:
  host: 127.0.0.1
  port: 3000

The command line interface is a clone of mongrel_rails. To start

mongrel_esi start

It only implements a small subset of the ESI spec, but it’s a pretty useful subset IMO…

Software ESI, mongrel, Proxy, Ruby

This is something I’ve been thinking about for awhile now. Mainly I’ve been trying to understanding how it can happen. I believe the most common method for this kind of attack is coming from forms that allow free text that later ends up in some document on a site. Thought this was a pretty interesting article, helped me understand XSS a little bit better.

Here’s another interesting article about XSS

Software Proxy, XSS