RE: [squid-users] Webmail sites - allow access

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 14 Dec 2007 16:27:06 +1300 (NZDT)

>
>
>>> Hi Group,
>>>
>>> I am using squid to block pretty much all web access other than
>>> work-related sites. However, I need to open up some of the popular
>>> webmail sites.
>
>>Um, can you see the self-contradiction in that? popular webmail sites are
> naturally non-work. If you operate via >email you should have company
> servers to handle that.
>
> Well, we don't. And that is a whole other can of worms that doesn't need
> to
> be opened on this forum.
>
>>>
>>> I was able to get hotmail work properly with the following ACL. But I
>>> am having problems with gmail.com and mail.yahoo.
>>>
>>> acl WebmailSites dstdomain
>>> .ard.yahoo.com
>>> .login.yahoo.com
>>> .mail.yahoo.com
>>> .gmail.com
>>> .mail.google.com
>>> .google.com/accounts
>>> .google.ca/accounts
>
>>These are NOT dstdomain.
>>dstdoman is quite naturally ONLY a _domain_ .
>>The /acounts is an URI.
>
> Thank-you. I'll experiment with that.
>
>>> .hotmail.com
>>> .live.com
>>> .passport.com
>>>
>>> For the gmail site, it won't seem to take the two /accounts entries at
>>> all.
>>>
>>> The yahoo site partially works, but I get 'unable to load javascript'
>>> errors.
>
>>Which would be natural if the javascript sub-includes are located
> elsewhere.
>
> So my best bet is to scan all http headers when logging in, reading mail,
> and logging out? And then include any and all unique domains and
> subdomains
> in the acl?

Essentially yes.
With some exceptions where the . wildcard is suitable as you use above.

Amos

>
>>>
>>> Has anyone got these to work? Care to share your ACL's with me?
>>>
>>> Thanks in advance!
>>>
>>>
>>> Davan Wong
>>>
>
>>Amos
>
>
>
>
Received on Thu Dec 13 2007 - 20:27:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:02 MST