John Doe wrote:
I need to use an external program to potentially replace images requests,
based on the referers, but url_rewrite does not pass the referer.
It is for people direct linking images on many external sites/forums.
I need the referer because the images seen directly on our site should not be
replaced.
Would a combination with external_acl do the trick?
Yes it would. However keep in mind that the referer header can be easily
forged and get past this type of protection.
Indeed; but forging the header won't be easily done from forums/blogs links hopefuly.
The thing is, I need also to rewrite legit URLs in some other cases...
Can I have more than one url_rewrite blocks?
url_rewrite_program "/squid/abuse_rewrite.php"
url_rewrite_children 5
url_rewrite_concurrency 0
url_rewrite_host_header off
url_rewrite_access allow abuser
url_rewrite_access deny all
url_rewrite_program "/squid/oldurl2newurl.php"
url_rewrite_children 5
url_rewrite_concurrency 0
url_rewrite_host_header off
url_rewrite_access allow all
You will find its often better to redirect users with 302.
That can be done most efficiently like so:
acl oldURL ...
deny_info http://new.location oldURL
http_access deny oldURL
can be done seperately to cover as many different redirections and cases
as you need.
The problem is that the rewriting can be complex and context dependant...
By example: only big abusers images will be changed (decision needs an external script).
Other example: *.small.* -> *.320.*, etc...
I need an external script that can handle complex cases.
So, can I have more than one url_rewrite "blocks"?
Not in current squid.
There is the possiility of multiple external_acl_type though.
Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
