On 16/11/17 00:18, Vieri wrote:
Hi, I'm trying to block some user agents (I know it's easy to fake, but most users won't try to fake that header value). The following works: acl denied_useragent browser Chrome acl denied_useragent browser MSIE acl denied_useragent browser Opera acl denied_useragent browser Trident [...] http_access deny denied_useragent http_reply_access deny denied_useragent deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_useragent denied_useragent The following works for HTTP sites, but not for HTTPS sites in an ssl-bumped setup: acl allowed_useragent browser Firefox/ [...] http_access deny !allowed_useragent deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=allowed_useragent allowed_useragent What could I try?
The User-Agent along with all HTTP layer details in HTTPS are hidden behind the encryption layer. TO do anything with them you must decrypt the traffic first. If you can decrypt it turns into regular HTTP traffic - the normal access controls should then work as-is.
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
