Hi all,
I'm configuring a squid 3 proxy and I want, to deny access to all
unwanted browsers but that is not working.
here are my current acl :
****************************************************************************
acl all_src src 0.0.0.0/0.0.0.0
acl nodst url_regex ^.*sex.*$ ^.*porn.*$ ^.*hack.*$ ^.*crack.*$ ^.*drug.*$
acl nodst1 url_regex -i \.bat$ \.cmd$ \.exe$ \.pif$ \.vbs$ \.ade$ \.adp$
acl nodst2 url_regex -i \.bas$ \.chm$ \.cpl$ \.eml$ \.hlp$ \.hta$ \.inf$
acl nodst3 url_regex -i \.ins$ \.isp$ \.jse$ \.lnk$ \.msc$ \.msi$ \.msp$
acl nodst4 url_regex -i \.mst$ \.reg$ \.sct$ \.shs$ \.vb$ \.vbe$ \.vbs$
acl nodst5 url_regex -i \.wav$ \.avi$ \.ogg$ \.wma$ \.wme$ \.wsc$ \.wsf$
acl nodst6 url_regex -i \.wsh$ \.sh$ \.mp3$ \.scr$ \.cab$ \.zip$ \.tar$
acl nodst7 url_regex -i \.gz$ \.bz2$ \.xpi$ \.wmv$ \.mpeg$
acl contenttype1 req_mime_type ^.*video.*$ ^.*audio.*$
http_access deny all_src nodst
http_access deny all_src nodst1
http_access deny all_src nodst2
http_access deny all_src nodst3
http_access deny all_src nodst4
http_access deny all_src nodst5
http_access deny all_src nodst6
http_access deny all_src nodst7
request_header_access Content-Type deny contenttype1
acl checkua browser -i ^.*Mozilla/.*$ ^Keyvelop$ ^ClamWin/.*$
http_access deny !checkua
external_acl_type authuser %DST %SRC [a secret path]/getloggeduser.sh
acl isok external authuser
http_access allow isok
http_access deny all
****************************************************************************
getloggeduser.sh is retrieving the user logged on the host, and checking
his access right (full or restricted) against ldap ; in case of full
rights or restricted rights (if dst is allowed) it return OK
user=USERNAME. If user has no rights or if dst is not allowed, it return
err user=USERNAME. it also log datetime username rights, url and if
access is granted or not.
In case I'm using MSIE, I shouldn't have my access granted, but I have,
and getloggeduser.sh generate a log line.
what's wrong ?
thanks for your help
In case It can change something, I'm using squid3 on debian lenny (arch
amd64)
-- Ce courrier électronique a été vérifié et est exempt de virus connus à ce jour. Contactez votre administrateur pour plus de renseignement. postmaster_at_ch-chaumont.fr
This archive was generated by hypermail 2.2.0 : Wed Jun 24 2009 - 12:00:04 MDT