On Tue, Feb 17, 2009 at 1:50 AM, Chris Robertson <crobertson@xxxxxxx> wrote: > > Very insecure, but... not really.... is because, although google gives you a domain name saying mail.ourdomain.com when you access the url, it gets redirected to mail.google.com/a/ourdomain.com It does not permanently allow you to work on mail.ourdomain.com Whereas the general gmail has a referral link as mail.google.com/mail This is the key difference between the site address which one can block on. With this it does not become insecure, as only the domain related websites will be accessible. > acl ourmail_referer referer_regex -i mail\.ourdomain\.com > acl gMail dstdomain .gmail.google.com > http_access allow gMail ourmail_referer > > ...would allow access to gmail.google.com if the referer header included the > string "mail.ourdomain.com". Be aware, this http_access rule would allow > ANYONE who can access your cache to access mail.google.com by faking the > referer. Here as you've said ANYONE can access mail.google.com, but there it will not be. ~~~~~~~~~~~~~~ Sameer Shinde. M:- +91 98204 61580 Millions saw the apple fall, but Newton was the one who asked why.