Hi again. This is working now. Thanks to all those who helped.
First, I'm sorry, I must have been tired: how did I not think, before asking, of grepping for "browser" in the default squid.conf? What was I thinking?
Second, yes, the user agent string can be changed. But I'm counting on the fact that most IE users don't even know what a "browser" is - they think that "the Internet is the blue E". I'm also counting that anyone who is technically knowledgeable enough to change IE's user agent is also knowledgeable enough not to want to use IE. :)
Third, I'm doing it at my home network for now. Maybe someday it will be company policy where I work - and in other companies as well.
If anyone is thinking about something like this, here's what I did:
I added, before the "allow" for my home network, the following:
--- acl msie browser MSIE
acl getmozilla dstdomain .spreadfirefox.com acl getmozilla dstdomain .getfirefox.com
# firefox download places always have "mozilla" in the URL acl getmozilla2 url_regex mozilla
# the following use IE's engine # magic online acl exceptions_ie url_regex wizards\.com # jre updates acl exceptions_ie url_regex java\.sun\.com acl exceptions_ie url_regex jdl\.sun\.com # stardock central acl exceptions_ie url_regex stardock\.com # city of heroes acl exceptions_ie url_regex \.coh\.com acl exceptions_ie url_regex cityofheroes\.com
acl windowsupdate dstdomain .windowsupdate.microsoft.com
deny_info ERR_BAD_BROWSER msie
http_access allow msie windowsupdate http_access allow msie getmozilla http_access allow msie getmozilla2 http_access allow msie exceptions_ie http_access deny msie ----
And I created an ERR_BAD_BROWSER file for telling users that they're using an insecure browser, and that IE is only for Windows Update, and for downloading Firefox.
