Search squid archive

Re: Unable to match empty user-agent strings?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



After some further testing and looking closely at the request headers
it turns out that this is failing because the User-Agent header field
isn't present (rather than it being present but empty).

Here's my workaround/solution which seems to work nicely.

acl image_leechers browser ^$
acl image_leechers browser Wget

acl has_user_agent browser ^.+$


http_access deny !has_user_agent
http_access deny image_leechers


I promise not to make a habit of just conversing with myself on this list...

2008/10/20 James Cohen <james@xxxxxxxxxxxx>:
> Hi,
>
> I think I've found a bug but first wanted to double-check I wasn't
> doing anything dumb.
>
> In our reverse proxy setup we want to block people from "leeching" the
> images using Wget or similar applications. To do this we want to block
> user agents that match "Wget" and because lots of people use CURL or
> their own home-brew clients anything with an empty user agent string.
>
> I added the following acl rule:
>
> # Block automated processes from requesting our images
> acl image_leechers browser ^$
> acl image_leechers browser Wget
>
> and later on...
>
> http_access deny image_leechers
>
> Requests that contain Wget are being blocked exactly as expected by
> the proxy. Empty requests are still going through to the parent
> server:
>
>
> Request with Wget in the user agent request headers (correct behaviour)
>
> $ wget  -S http://images.xxx.com/preview/1134/35121981.jpg
> --11:29:45--  http://images.xxx.com/preview/1134/35121981.jpg
>           => `35121981.jpg'
> Resolving images.xxx.com... 62.216.237.30
> Connecting to images.xxx.com|62.216.237.30|:80... connected.
> HTTP request sent, awaiting response...
>  HTTP/1.0 403 Forbidden
>  Server: squid/3.0.STABLE9
>  Mime-Version: 1.0
>  Date: Mon, 20 Oct 2008 10:29:45 GMT
>  Content-Type: text/html
>  Content-Length: 1653
>  Expires: Mon, 20 Oct 2008 10:29:45 GMT
>  X-Squid-Error: ERR_ACCESS_DENIED 0
>  X-Cache: MISS from ws2
>  Via: 1.0 ws2 (squid/3.0.STABLE9)
>  Connection: close
> 11:29:45 ERROR 403: Forbidden.
>
> And a similar request with an empty user agent string (incorrect - the
> request is being passed back to the parent where it returns a 403)
>
> $ wget -U "" -S http://images.xxx.com/preview/1134/james.jpg
> --11:30:09--  http://images.xxx.com/preview/1134/james.jpg
>           => `james.jpg'
> Resolving images.xxx.com... 62.216.237.30
> Connecting to images.xxx.com|62.216.237.30|:80... connected.
> HTTP request sent, awaiting response...
>  HTTP/1.0 403 Forbidden
>  Content-Type: text/html
>  Content-Length: 345
>  Date: Mon, 20 Oct 2008 10:30:09 GMT
>  Server: lighttpd/1.4.20
>  X-Cache: MISS from ws2
>  Via: 1.0 ws2 (squid/3.0.STABLE9)
>  Connection: close
> 11:30:09 ERROR 403: Forbidden.
>
>
> Thanks,
>
> James
>

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux