Alexander GrĂ¼ner wrote:
which malware does show the content to the user? :) Aha, probably
some of
those "toolbars" :)
according to my log at least:
"Mozilla/4.0 (compatible; MSIE 6.0.2600.0000;;Q324929;; Windows NT
5.0; FunWebProducts)"
"Mozilla/4.0 (Compatible; MyWaySearchAssistantDE)"
"Mozilla/4.0 (Compatible; MyWebSearch)"
"Mozilla/4.0 (Compatible; MyWebSearchSearchAssistant)"
a lot more according to:
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/user-agents/useragents.txt?root=Spyware-User-Agents&rev=1.4&view=markup
:-)
this one is really funny:
VIRUS Beagle Worm beagle_beagle
anyway, I am still missing a possibility to report the malware.
further ideas are to block old Browser versions with security leaks
like Firefox 1.0.1 etc.
ok, I could do it with different files and different error messages,
each for one single blocking event...but I do not like that idea very
much... ;-)
BTW: Looking to the source code of squid does not reveal the
possibility to customize this event...at least not for somebody like
me who cannot program at this high level...perhaps it is really not
possible ?
Regards,
Alexander
Perhaps it's not the route you would like to take, but you can use an
external webserver to supply your deny_info pages. A dynamic page
written with SSI, PHP, Perl or the like would be able to show the
UserAgent. A lightweight httpd server (such as thttpd) could be run on
the same hardware as the Squid server without too much impact, if no
other webserver was available.
Chris
