Re: [squid-users] squid 3 acl browser

Wed, 24 Jun 2009 02:56:19 -0700 

ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard and dansguardian) 

browser filtering doesn't work at all

external_acl works fine

I don't understand what I'm doing wrong with User-agent filtering


something strange I wrote a script that I called with an external acl, 
this script read one parameter : %{headers} and log it in a file



the only thing I got in the file is : "-", this behavior is the same 
with Firefox Iceweasel or MSIE 6


Is there an other way to filter browsers ?

thanks for all

Ralf Hildebrandt a écrit :

* Erwann PENCREACH <erwann.pencre...@ch-chaumont.fr>:

Hi all,

I'm configuring a squid 3 proxy and I want, to deny access to all
unwanted browsers but that is not working.

here are my current acl :


You REALLY need to read on regular expressions


acl nodst  url_regex ^.*sex.*$ ^.*porn.*$ ^.*hack.*$ ^.*crack.*$ ^.*drug.*$



Or shorter: 
acl nodst  url_regex sex porn hack crack drug


Note that you won't be able to access
http://www.sextant.fr/ with that. Which is a bit problematix.


acl nodst1 url_regex -i \.bat$ \.cmd$ \.exe$ \.pif$ \.vbs$ \.ade$ \.adp$
acl nodst2 url_regex -i \.bas$ \.chm$ \.cpl$ \.eml$ \.hlp$ \.hta$ \.inf$
acl nodst3 url_regex -i \.ins$ \.isp$ \.jse$ \.lnk$ \.msc$ \.msi$ \.msp$
acl nodst4 url_regex -i \.mst$ \.reg$ \.sct$ \.shs$ \.vb$ \.vbe$ \.vbs$
acl nodst5 url_regex -i \.wav$ \.avi$ \.ogg$ \.wma$ \.wme$ \.wsc$ \.wsf$
acl nodst6 url_regex -i \.wsh$ \.sh$ \.mp3$ \.scr$ \.cab$ \.zip$ \.tar$
acl nodst7 url_regex -i \.gz$ \.bz2$ \.xpi$ \.wmv$ \.mpeg$


acl nodst1 url_regex -i \.(bat|cmd|exe|pif|vbs|ade|adp)$
etc.


acl contenttype1 req_mime_type ^.*video.*$ ^.*audio.*$

acl contenttype1 req_mime_type video audio


acl checkua browser -i ^.*Mozilla/.*$ ^Keyvelop$ ^ClamWin/.*$


acl checkua browser -i Mozilla/ ^Keyvelop$ ^ClamWin/

Maybe it would be more useful to add DansGuardian to your setup.
--
Ce courrier �lectronique a �t� v�rifi� et est exempt de virus connus � ce jour.
Contactez votre administrateur pour plus de renseignement.
postmas...@ch-chaumont.fr



--
Ce courrier �lectronique a �t� v�rifi� et est exempt de virus connus � ce jour.
Contactez votre administrateur pour plus de renseignement.
postmas...@ch-chaumont.fr


begin:vcard
fn:Erwann Pencreach
n:Pencreach;Erwann
org:Centre Hospitalier de Chaumont;Service Informatique
adr;dom:;;2 rue Jeanne D'arc;Chaumont;;52000
email;internet:erwann.pencre...@ch-chaumont.fr
title:Technicien Informatique
tel;work:0325357321
tel;fax:0325030674
x-mozilla-html:FALSE
version:2.1
end:vcard























					Reply via email to