Search squid archive

Re: allowing restricted sites via squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 17, 2009 at 1:50 AM, Chris Robertson <crobertson@xxxxxxx> wrote:

>
> Very insecure, but...

not really....
is because, although google gives you a domain name saying mail.ourdomain.com
when you access the url, it gets redirected to mail.google.com/a/ourdomain.com
It does not permanently allow you to work on mail.ourdomain.com
Whereas the general gmail has a referral link as mail.google.com/mail
This is the key difference between the site address which one can block on.
With this it does not become insecure, as only the domain related
websites will be
accessible.


> acl ourmail_referer referer_regex -i mail\.ourdomain\.com
> acl gMail dstdomain .gmail.google.com
> http_access allow gMail ourmail_referer
>
> ...would allow access to gmail.google.com if the referer header included the
> string "mail.ourdomain.com".  Be aware, this http_access rule would allow
> ANYONE who can access your cache to access mail.google.com by faking the
> referer.

Here as you've said ANYONE can access mail.google.com, but there it will not be.


~~~~~~~~~~~~~~
Sameer Shinde.
M:- +91 98204 61580
Millions saw the apple fall, but Newton was the one who asked why.

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux