Erwann PENCREACH wrote:
Ralf Hildebrandt a écrit :
* Erwann PENCREACH <erwann.pencreach@xxxxxxxxxxxxxx>:
ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard
and dansguardian)
browser filtering doesn't work at all
external_acl works fine
I don't understand what I'm doing wrong with User-agent filtering
But I already told you. MSIE says it's Mozilla. Your regular
expression is wrong.
You're right I've just checked both User agents :
# MSIE : User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
# Mozilla : User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr;
rv:1.9.0.1; .NET CLR 2.0.50727; ffco7) Gecko/2008070208 Firefox/3.0.1
acl becomes :
acl checkua browser Gecko/ ^Keyvelop$ ^ClamWin/
Mozilla and Gecko are both engines that generate HTTP requests and parse
HTTP replies on demand. Along with various other HTTP related
activities. They are both used in a vast number of browsers and browser
clones and fake agents.
I would guess you actually want the "Firefox" branding interface for
Gecko. Commonly known as the Mozilla Firefox web browser.
User-Agent: is easily forged, so don't hang your security on it please.
It's best to use it only in deny (ie for unknowns and non-matching) and
leave the allow permissions to more strict ACL types.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
Current Beta Squid 3.1.0.8
