On Thu, Dec 13, 2007, Cody Jarrett wrote:
> Do you know how I would allow access based on the referer? I'm
> searching for how to do this and would like to try it out.

acl aclname referer_regex [-i] regexp ...

adrian

>
> On Dec 12, 2007, at 6:52 PM, Adrian Chadd wrote:
>
> >On Wed, Dec 12, 2007, Cody Jarrett wrote:
> >>I'm using squid 2.6 and have it configured to block all websites
> >>except for a few that I specify are ok. The problem I'm having is,
> >>several sites that are fine to access, such as kbb.com, have content
> >>invoked from other sites. So when I view kbb.com for example, the
> >>page
> >>is missing most of its content and looks really messed up in firefox,
> >>and this happens with other sites. Is there some way to allow access
> >>to approved sites, and further sites that are invoked?
> >
> >There's no easy way for squid (or any proxy, really!) to properly
> >determine "and further sites that are invoked."
> >
> >You could possibly allow access based on referrer URL as well - which
> >should show up as having been referred by your list of approved URLs -
> >but referrer URLs can't be trusted as anyone can just fake them.
> >
> >
> >
> >Adrian
> >
> >>http_port 10.1.0.1:3128
> >>http_port 127.0.0.1:3128
> >>visible_hostname server.blah.com
> >>hierarchy_stoplist cgi-bin ?
> >>acl QUERY urlpath_regex cgi-bin \?
> >>no_cache deny QUERY
> >>cache_dir ufs /var/spool/squid 400 16 256
> >>refresh_pattern ^ftp: 1440 20% 10080
> >>refresh_pattern ^gopher: 1440 0% 1440
> >>refresh_pattern . 0 20% 4320
> >>acl all src 0.0.0.0/0.0.0.0
> >>acl manager proto cache_object
> >>acl localhost src 127.0.0.1/255.255.255.255
> >>acl to_localhost dst 127.0.0.0/8
> >>acl SSL_ports port 443 563
> >>acl Safe_ports port 80 # http
> >>acl Safe_ports port 21 # ftp
> >>acl Safe_ports port 443 563 # https, snews
> >>acl Safe_ports port 70 # gopher
> >>acl Safe_ports port 210 # wais
> >>acl Safe_ports port 1025-65535 # unregistered ports
> >>acl Safe_ports port 280 # http-mgmt
> >>acl Safe_ports port 488 # gss-http
> >>acl Safe_ports port 591 # filemaker
> >>acl Safe_ports port 777 # multiling http
> >>acl CONNECT method CONNECT
> >>
> >>#allow only the sites listed in the following file
> >>acl goodsites dstdom_regex "/etc/squid/allowed-sites.squid"
> >>http_access allow goodsites
> >>http_access allow manager localhost
> >>http_access deny manager
> >>http_access deny !Safe_ports
> >>http_access deny CONNECT !SSL_ports
> >>http_access deny to_localhost
> >>
> >>acl lan_network src 10.1.1.0/24
> >>
> >>#deny http access to all other sites
> >>http_access deny lan_network
> >>http_access deny itfreedom_network
> >>http_access allow localhost
> >>http_access deny all
> >>acl to_lan_network dst 10.1.45.0/24
> >>http_access allow to_lan_network
> >>http_reply_access allow all
> >>icp_access allow all
> >
> >--
> >- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial
> >Squid Support -
> >- $25/pm entry-level VPSes w/ capped bandwidth charges available in
> >WA -
> >

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
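
One way the `referer_regex` ACL from the reply could be combined with the posted allowlist, as an added example that is not part of the original thread. The ACL names `from_goodsites` and `subresource_fetch`, the logformat name `refaudit`, both new file paths and the sample pattern are assumptions; `all`, `Safe_ports`, `SSL_ports` and `CONNECT` are expected to be defined as in the posted configuration.

```conf
# Added example in Squid 2.6 syntax; not from the thread.
acl lan_network       src 10.1.1.0/24
acl goodsites         dstdom_regex "/etc/squid/allowed-sites.squid"

# referer_regex matches the Referer request header, which the client
# supplies. Keep one pattern per line in the file (path is an assumption)
# and anchor each one, otherwise it matches anywhere in the URL, including
# a query string:
#   ^http://([^/]+\.)?kbb\.com/
acl from_goodsites    referer_regex -i "/etc/squid/allowed-referers.squid"

# Embedded page content is fetched with GET or HEAD, so the Referer-based
# allow is limited to those methods (an added restriction, an assumption).
acl subresource_fetch method GET HEAD

# Port and CONNECT restrictions come first so no allow rule can skip them.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# 1. Approved destinations.
http_access allow lan_network goodsites

# 2. Content pulled in by an approved page. Because the header can be
#    faked, treat this rule as a convenience for page rendering, not as
#    an access control. CONNECT requests typically carry no Referer, so
#    HTTPS content is not covered by it.
http_access allow lan_network subresource_fetch from_goodsites

# 3. Everything else stays blocked.
http_access deny all

# Audit trail: log every request whose Referer matched but whose
# destination is not on the allowlist, so forged or unexpected use of
# rule 2 shows up in review.
logformat refaudit %ts.%03tu %>a %Ss/%03Hs %rm %ru "%{Referer}>h"
access_log /var/log/squid/referer-allowed.log refaudit from_goodsites !goodsites
```

Third-party domains that appear regularly in the audit log are candidates for the `goodsites` file, which lets the Referer rule be narrowed or removed over time.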