Re: Squid Proxy Blocking ? How ?

From: Magossa'nyi A'rpa'd <mag@dont-contact.us>
Date: Mon, 30 Jun 1997 08:13:20 +0100

<I would be happy if experts on the list would point out if anything is
wrong with my example, and would show a better script than the one at the
end of the letter. Thanx>

On Mon, 30 Jun 1997, Daryl Lim wrote:

> >You have lots of possibilities here:
> >You can use the ACLs: you can tell who, when, where can and can't connect.
> >You can use the URL rewriting rules. For example you can rewrite every
> >url containing sex to a page saying that it is not allowed...
> >You can use TIS's http-gw to do more nice things: filtering urls.
>
> Thanks For the reply
>
> All the documentation seems to be a bit complex for me to understand :) .
> Could you possibly give me an example on how to use either the ACL's
> or URL re-writing .
Look at squid.conf, it's easy.
Here's an example off the top of my head, for acl:

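acl workinghours time MTWHF 8:00-16:00
#defining the working hours (days are listed one letter each; "M-F" would
#be read as Monday and Friday only, because "-" is ignored)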
acl sexsitez url_regex //[^/]*sex
#any url which has "sex" in the host part
acl crappysoft browser MSIE
#we try to defend ourselves from being hacked by MSIE bugs
acl eviluser user billg
#we block our employee who is always surfing instead of work...
acl knownuser user REQUIRED
#we require the users to be identified by ident to use the cache
#don't forget to set ident_lookup on earlier in the config file
acl blockedsitez src 207.68.0.0/255.255.0.0
acl myfriend src 207.68.222.222/255.255.255.255
#there is a range of sites which is blocked from the cache,
#but in this range we have a friend, who is not
#
#We have only defined things so far. Let's build up the rules.
http_access deny sexsitez workinghours
#sex sites in working hours
http_access deny crappysoft !myfriend
#crappy software. Only our friend's machine is allowed to use it
http_access deny eviluser
#evil user can do nothing
http_access deny blockedsitez !myfriend
#the blocked range of sites. Only exception is our friend
http_access allow knownuser
# the last line is important:
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow.
#we want to deny anything which is not specifically allowed

And now about the url rewriting. I've tried it once, and the cache didn't
seem to work. Maybe I've missed something to pass through (I'm not a perl
expert). I didn't try too hard though. Here's my setup:
redirect_program /home/www-data/scripts/redirect
redirect_children 5
-------/home/www-data/scripts/redirect:-----
#!/usr/bin/perl
$|=1;
while (<>) {
        s@.*sex.*@http://bunuel.tii.matav.hu/forbidden.html@;
        print;
}
-----------------------------
Can anyone give a working version of that? (I don't care about losing
"essex", I want a working example only.)

---
GNU GPL: only from a pure source
Received on Mon Jun 30 1997 - 00:24:37 MDT
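
A redirector of the kind asked for above, as an added example that is not part of the original post and not Squid project code. It is written in Python rather than Perl, and it assumes Squid sends each request as "URL client-ip/fqdn ident method" and treats a blank reply line as "no change"; like the sexsitez ACL, it tests only the host part of the URL.

```python
#!/usr/bin/env python3
"""Squid redirect_program helper: one request line in, one URL line out."""
import re
import sys
from urllib.parse import urlsplit

# Block page URL taken from the Perl script in the post.
BLOCK_PAGE = "http://bunuel.tii.matav.hu/forbidden.html"
# Same idea as the post's sexsitez ACL: "sex" anywhere in the host part.
BLOCKED_HOST = re.compile(r"sex")


def rewrite(line):
    """Return the reply for one helper input line.

    Assumed input format: "URL client-ip/fqdn ident method".
    Only the URL's host is tested, so a client name, ident or URL path
    that happens to contain the pattern does not trigger the block.
    """
    fields = line.split()
    if not fields:
        return ""  # blank reply: leave the request unchanged (assumption)
    url = fields[0]
    try:
        host = urlsplit(url).hostname or ""  # hostname is lower-cased
    except ValueError:
        host = ""  # unparsable URL (e.g. broken IPv6 literal): pass through
    if BLOCKED_HOST.search(host):
        return BLOCK_PAGE
    return url


def main(stdin=sys.stdin, stdout=sys.stdout):
    # Exactly one reply per request, flushed at once: Squid waits for each
    # answer, so buffered or missing output stalls the helper.
    for line in stdin:
        stdout.write(rewrite(line) + "\n")
        stdout.flush()


if __name__ == "__main__":
    main()
```

The script has to be executable and sit at exactly the path named in redirect_program.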
