On Sun, Apr 19, 2009 at 12:29 AM, Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote: > On Sat, Apr 18, 2009 at 10:24 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >> Jeff Sadowski wrote: >>> >>> On Sat, Apr 18, 2009 at 5:18 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> >>> wrote: >>>> >>>> Jeff Sadowski wrote: >>>>> >>>>> I'm new to trying to use squid as a reverse proxy. >>>>> >>>>> I would like to filter out certain pages and if possible certain words. >>>>> I installed perl so that I can use it to rebuild pages if that is >>>>> possible? >>>>> >>>>> My squid.conf looks like so >>>>> <==== start >>>>> acl all src all >>>>> http_port 80 accel defaultsite=outside.com >>>>> cache_peer inside parent 80 0 no-query originserver name=myAccel >>>>> acl our_sites dstdomain outside.com >>>> >>>> aha, aha, .. >>>> >>>>> http_access allow all >>>> >>>> eeek!! >>> >>> I want everyone on the outside to see the inside server minus one or >>> two pages. Is that not what I set up? >> >> By lucky chance of some background defaults only, and assuming that the web >> server is highly secure on its own. >> >> If you have a small set of sites, such as those listed in "our_sites" then >> its best to be certain and use that ACL for the allow as well. >> >> http_access allow our_sites >> http_access deny all >> >> ... same on the cache_peer_access below. >> >>> >>>>> cache_peer_access myAccell all >>>>> <==== end >>>>> >>>>> how would I add it so that for example >>>>> >>>>> http://inside/protect.html >>>>> >>>>> is blocked? >>>> >>>> http://wiki.squid-cache.org/SquidFaq/SquidAcl >>> >>> so I want redirector_access? >>> Is there an example line of this in a file >>> >>> I tried using >>> >>> url_rewrite_program c:\perl\bin\perl.exe c:\replace.pl >>> >>> but I guess that requires more to use it? an acl? >>> should "acl all src all" be "acl all redirect all" ? >> >> No to all three. The above is all line you mention trying is all thats >> needed. >> >> url_rewrite_access allow all >> >> but the above should be the default when a url_rewrite_program is set. > > so how do you tell it to use the url_rewrite_program with the inside site? > Or does it use the script on all pages passing through the proxy? > > Is this only a rewrite on the requested url from the web browser? > Ahh that might answer some of my questions before. I never tried > clicking on it after implementing the rewrite script. I was only > hovering over the url and seeing that it was still the same. > >> >> What is making you think its not working? and what do the logs say about it? >> Also what is the c:/replace.pl code? >> > > <=== start > #!c:\perl\bin\perl.exe > $| = 1; > $replace="<a href=http://inside/login.html.*?</a>"; > $with="no login"; > while ($INPUT=<>) { > $INPUT=~s/$replace/$with/gi; > print $INPUT; > } > <=== end > > I think I see the problem now I guess I am looking for something else > besides url_rewrite maybe a full text replacement :-/ > >> >>> >>>>> and is it possible to filter/replace certain words on the site >>>>> >>>>> like replace "Albuquerque" with "Duke City" for an example on all pages? >>>> >>>> No. no. no. Welcome to copyright violation hell. >>> >>> This was an example. I have full permission to do the real translations. >>> I am told to remove certain links/buttons to login pages. thus I >>> replace "<a herf=inside>button</a>" with "" Currently I have a >>> pathetic perl script that doesn't support cookies and is gong through >>> each set of previous pages to bring up the content. I was hoping squid >>> would greatly simplify this. >>> I was using www::mechanize I know this isn't the best way but they >>> just need a fast and dirty way. >> >> Ah, okay. Well the only ways squid has for doing content alteration is far >> too much as well for that use. (coding up an ICAP server and processing >> rules or a full eCAP adaptor plugin). >> One more thing for the night if squid is written in C I think I can easily modify it to do what I want. The problem then becomes compiling it for windows. Can I just use cygwin? I'm thinking I can have an external program run on the page before handing it off to the web client. no? >> IMO you need to kick the webapp developers to make their app do the removal >> under the right conditions. It would solve many more problems than having >> different copies of a page available with identical identifiers. >> >> Amos >> -- >> Please be using >> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 >> Current Beta Squid 3.1.0.7 >> >
