King, John (Greg) (LMIT-HOU) wrote:
> I used some spare parts and installed ipcop on a pc to act as my kids
> connection to the world. Squid 2.5stable14 is packaged with ipcop and I
> set it up as a transparent proxy and then blocked everything but
> outbound 80/443 and then restricted the web-traffic to a whitelist of
> sites we will let them go to.
>
> Our school system is providing access to a tool called netTrekker which
> is like a google'fied whitelist. The problem is that Nettrekker is not a
> proxy. It provides links back when searching for various research data.
>
> I would like to be able to create a rule that allows my kids to trust
> pages from the netTrekker.com service without needing to whitelist their
> entire directory.
>
> The only way I can think of doing this is an acl that would check the
> referer and if it is from netTrekker.com allow the actual link that was
> refered.
>
The biggest problem with this would be that once the initial link has
been followed from NetTrekker, all the elements (images, CSS,
javascript, etc). of the referenced page would have a referrer of that
page. Since HTTP is a stateless protocol, there would be no way to
stipulate "the initial request for this page has to have nettrekker.com
as a referrer, but allow all the images and pages that this page links to."
> I checked the squid book, the wiki and some google searches on "squid
> acl referer" but only found data on the referer logs and
>
> acl
> New acl types
> * referer_regex (match Referer headers),
>
>
> But no examples to see how to set this up. Anyone have some examples?
>
It would certainly be possible to block/allow based on referrer (using
external_acl_type), but I really don't think that it would improve your
situation much.
> Thanks
>
> Greg
>
Chris
Received on Wed Dec 13 2006 - 16:25:59 MST
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST