Search squid archive

Re: squid 3 acl browser

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Amos Jeffries a écrit :

Erwann PENCREACH wrote:

Ralf Hildebrandt a écrit :

* Erwann PENCREACH <erwann.pencreach@xxxxxxxxxxxxxx>:

ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard and dansguardian) 

browser filtering doesn't work at all

external_acl works fine

I don't understand what I'm doing wrong with User-agent filtering


But I already told you. MSIE says it's Mozilla. Your regular
expression is wrong.

You're right I've just checked both User agents :
# MSIE : User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) # Mozilla : User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.1; .NET CLR 2.0.50727; ffco7) Gecko/2008070208 Firefox/3.0.1 

acl becomes :

acl checkua browser Gecko/ ^Keyvelop$ ^ClamWin/
Mozilla and Gecko are both engines that generate HTTP requests and parse HTTP replies on demand. Along with various other HTTP related activities. They are both used in a vast number of browsers and browser clones and fake agents.
I would guess you actually want the "Firefox" branding interface for Gecko. Commonly known as the Mozilla Firefox web browser.
User-Agent: is easily forged, so don't hang your security on it please. It's best to use it only in deny (ie for unknowns and non-matching) and leave the allow permissions to more strict ACL types. 

Amos


you're right, that's why I deny all but those three UA

firefox, isn't the solution, cause the debian port is called Iceweasel
filtering on gecko allows Firefox, Thunderbird, Iceweasel and Icedove to go through this acl, and let the following acl do the rest of filtering.
All the security, isn't done by the proxy. Our users aren't able to install any software on the computers so chance to have an other browser is minimal 


--
Ce courrier ÿlectronique a ÿtÿ vÿrifiÿ et est exempt de virus connus ÿ ce jour.
Contactez votre administrateur pour plus de renseignement.
postmaster@xxxxxxxxxxxxxx


begin:vcard
fn:Erwann Pencreach
n:Pencreach;Erwann
org:Centre Hospitalier de Chaumont;Service Informatique
adr;dom:;;2 rue Jeanne D'arc;Chaumont;;52000
email;internet:erwann.pencreach@xxxxxxxxxxxxxx
title:Technicien Informatique
tel;work:0325357321
tel;fax:0325030674
x-mozilla-html:FALSE
version:2.1
end:vcard
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux