I was looking at using some regex with squid to detect URL based XSS before it gets to the users browser.

What comments does the community have about using this type of protection?

Care to elaborate?

Sure. The thing is that it's very hard if not impossible to craft a regex that can take care of input sanitation in any possible scenario. The link to the thread is here to illustrate the process of trying to create a system that is capable of solving this problem and that is 95% done but on the other hand will never be 100% complete.

Since you are talking about detection and not mitigation the thread should be worth a read for you - since that is what we do there.

Greetings,
.mario

as .mario said: sanitation nearly impossible

I'd use a white list, in perl somthing like:
m/^[a-zA-Z0-9]*$/ || die 'fuck off, not vulnerable';

Yep!

another thing to mitigate the GET issues, can be a couple of .htaccess rules that simply blocks dangerous stuff, but be careful with those.

RewriteCond %{HTTP_REFERER} ^(.*)(%00|%08|%09|%0A|%0B|%0C|%0D|%0E|%0F|%2C|<|>|')(.*) [NC,OR]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{REQUEST_URI} ^(/,|/;|/<|/>|/'|/`|//////|/%2E%2E|/%17|/%18|%19|/%F8%80) [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%00|%0A|%0B|%0C|%0D|%0E|%0F|%2C|%3C|%3E|%27)(.*) [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)('|<|>|,|/|\\|\.a|\.c|\.t|\.d|\.p|\.i|\.e|\.j)(.*) [NC,OR]
RewriteCond %{HTTP_COOKIE} ^(.*)(<|>|'|%3C|%3E|%27)(.*) [NC]
RewriteRule ^(.*)$ error.php [NC]

it does however blocks most SQL and XSS attacks, not the exotic ones of course.