On Wed, 8 Sep 2010 18:45:41 -0700 (PDT), devlin7 <it@xxxxxxxxxxxxxx> wrote: > Hi, > > I am using SquidNT and opendns. Opendns is great but the proxy blocking is > a > little behind the times [understandably]. I have noticed the proxy sites > change daily but they all operate the same way so I have added the > following > to my squid.conf > > ###################################### > # Block Keywords # > ##################################### > acl keywords url_regex -i "c:\squid\etc\keywords.acl" > http_access deny keywords > deny_info err_keywords keywords > > And my keywords file looks like this: > > .info/browse.php > .org/browse.php > .eu/browse.php > .es/browse.php > .us/browse.php > .nl/browse.php > .me/browse.php > .mobi/browse.php > .co.cc/browse.php > .in/browse.php > .net/browse.php > .cz.cc/browse.php > .at/browse.php > .co.tv/browse.php > .tk/browse.php > .us/browse.php > .php/?i8v > .php?u=?i8v > /browse.php?u= > /index.php?q= > /index.php?sp= > > No lots of proxies are being blocked when students try to use them but > there > are other not working and I can see why > > For example > http://myphproxy.com/index.php?q=aHR0cDovL3d3dy5nb29nbGUuZGUv lets me > straight out. > > > Any suggestions? Sigh. Reason #2 for avoiding regex: People blindly cut-n-paste'ing For example: /index.php?q= matches /index.phpq= or /index.phq= ... not much else. ... .me/browse.php matches example.com/home/browse.php or more likely gallery/home/browse.php ... .php/?i8v matches any URL with the string "phpi8v" anywhere in it. ... .php?u=?i8v matches any URL containing "phui8v" If you were to match " /index\.php\?q= " you would catch just about every PHP website with a custom search facility. It used to be used by a quite popular plugin. Amos
