Hi all, I'm configuring a squid 3 proxy and I want, to deny access to all unwanted browsers but that is not working.
here are my current acl : **************************************************************************** acl all_src src 0.0.0.0/0.0.0.0 acl nodst url_regex ^.*sex.*$ ^.*porn.*$ ^.*hack.*$ ^.*crack.*$ ^.*drug.*$ acl nodst1 url_regex -i \.bat$ \.cmd$ \.exe$ \.pif$ \.vbs$ \.ade$ \.adp$ acl nodst2 url_regex -i \.bas$ \.chm$ \.cpl$ \.eml$ \.hlp$ \.hta$ \.inf$ acl nodst3 url_regex -i \.ins$ \.isp$ \.jse$ \.lnk$ \.msc$ \.msi$ \.msp$ acl nodst4 url_regex -i \.mst$ \.reg$ \.sct$ \.shs$ \.vb$ \.vbe$ \.vbs$ acl nodst5 url_regex -i \.wav$ \.avi$ \.ogg$ \.wma$ \.wme$ \.wsc$ \.wsf$ acl nodst6 url_regex -i \.wsh$ \.sh$ \.mp3$ \.scr$ \.cab$ \.zip$ \.tar$ acl nodst7 url_regex -i \.gz$ \.bz2$ \.xpi$ \.wmv$ \.mpeg$ acl contenttype1 req_mime_type ^.*video.*$ ^.*audio.*$ http_access deny all_src nodst http_access deny all_src nodst1 http_access deny all_src nodst2 http_access deny all_src nodst3 http_access deny all_src nodst4 http_access deny all_src nodst5 http_access deny all_src nodst6 http_access deny all_src nodst7 request_header_access Content-Type deny contenttype1 acl checkua browser -i ^.*Mozilla/.*$ ^Keyvelop$ ^ClamWin/.*$ http_access deny !checkua external_acl_type authuser %DST %SRC [a secret path]/getloggeduser.sh acl isok external authuser http_access allow isok http_access deny all **************************************************************************** getloggeduser.sh is retrieving the user logged on the host, and checking his access right (full or restricted) against ldap ; in case of full rights or restricted rights (if dst is allowed) it return OK user=USERNAME. If user has no rights or if dst is not allowed, it return err user=USERNAME. it also log datetime username rights, url and if access is granted or not. In case I'm using MSIE, I shouldn't have my access granted, but I have, and getloggeduser.sh generate a log line. what's wrong ? thanks for your help In case It can change something, I'm using squid3 on debian lenny (arch amd64) -- Ce courrier électronique a été vérifié et est exempt de virus connus à ce jour. Contactez votre administrateur pour plus de renseignement. postmas...@ch-chaumont.fr
begin:vcard fn:Erwann Pencreach n:Pencreach;Erwann org:Centre Hospitalier de Chaumont;Service Informatique adr;dom:;;2 rue Jeanne D'arc;Chaumont;;52000 email;internet:erwann.pencre...@ch-chaumont.fr title:Technicien Informatique tel;work:0325357321 tel;fax:0325030674 x-mozilla-html:FALSE version:2.1 end:vcard
