[squid-users] Help with kids squid proxy Revisited

From: King, John (Greg) (LMIT-HOU) <Greg.King@dont-contact.us>
Date: Thu, 28 Dec 2006 09:15:14 -0600

For some reason I never saw the replies to the original thread and only
recently found them searching around Google. Since I do not have the
original email reply to quote, I am pasting it here for reference
purposes, followed by my question.

>> The biggest problem with this would be that once the initial link has
>> been followed from NetTrekker, all the elements (images, CSS,
>> javascript, etc.) of the referenced page would have a referrer of
>> that page.

>True, but it's possible using an external acl to whitelist entire sites
>based on Referer. But be warned that Referer is a client request header
>and may be forged by knowledgeable people.

>Regards
>Henrik

How would I go about whitelisting the entire site based on referer? What
I have now is the following, and I am experiencing the situation as
described by Chris Robertson in a previous reply.

external_acl_type check_referer_type children=5 %{Referer} /scripts/referercheck.pl

acl our_networks src 192.169.1.0/24
acl check_referer_auth external check_referer_type
acl AllowedSites dstdomain .nettrekker.com
http_access allow localhost
http_access allow AllowedSites
http_access deny !check_referer_auth
http_access allow our_networks
http_access deny all

The external_acl_script I coded using the p209 example in the squid book:

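#!/usr/bin/perl -wl

use strict;
use Text::ParseWords;   # provides shellwords(); replaces the old shellwords.pl
$|=1;                   # unbuffered output: Squid waits for each answer line

my $agent_referer;

# One request per line from Squid: the %{Referer} value ("-" if absent)
while (<>) {
        ($agent_referer) = shellwords($_);
        if (&valid($agent_referer)) {
                print "OK";
        } else {
                print "ERR";
        }
}
# Returns 1 if the Referer contains nettrekker.com anywhere in the URL
sub valid {
        my $ar = shift;
        return 0 unless defined $ar;    # empty input line
        $ar =~ /^http:\/\/(.*)\/.*/;    # result of this match is unused
        if ($ar =~ /nettrekker\.com/) { return 1; } else { return 0; }

}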

Basically this is allowing my kids to hit nettrekker and follow any
referred links. But once the link is clicked, the referred site is
displayed incomplete, as the referred page's elements are from a different
referer now.

Thanks,

Greg
Received on Thu Dec 28 2006 - 08:15:22 MST
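
One way to whitelist a whole site from its Referer, as Henrik's reply suggests, is a helper that remembers per client which sites were entered through a NetTrekker link. This is an added example, not code from the thread or the Squid book; the helper path, ACL names and 30-minute lifetime are assumptions. Since Referer is client-supplied, this keeps pages rendering for cooperative users and is not a hard control.

```perl
#!/usr/bin/perl
# Added example. Assumed squid.conf wiring (names and path are hypothetical):
#   external_acl_type referer_site ttl=0 negative_ttl=0 children=1 %SRC %DST %{Referer} /scripts/referersite.pl
#   acl referer_ok external referer_site
#   http_access allow our_networks referer_ok
#   http_access deny all
# children=1 because the learned whitelist lives in this process's memory;
# ttl=0 so Squid asks the helper on every request instead of caching verdicts.
use strict;
use warnings;
$| = 1;                            # Squid reads one answer line per request
my @SEED = ('nettrekker.com');     # portal whose outbound links are trusted
my $TTL  = 1800;                   # seconds a learned site stays allowed (assumed)
my %allowed;                       # "client host" => expiry time

# True if $host is $domain or a subdomain of it (label-boundary match).
sub in_domain {
    my ($host, $domain) = @_;
    return $host eq $domain || $host =~ /\.\Q$domain\E\z/;
}
sub is_seed { my $h = shift; return scalar grep { in_domain($h, $_) } @SEED }
sub is_live { my ($c, $h) = @_; return ($allowed{"$c $h"} // 0) > time }

# Host part of a Referer URL. Userinfo ("user@") is skipped, so
# http://nettrekker.com@other.example/ yields other.example.
sub referer_host {
    my $ref = shift // '';
    return $ref =~ m{^https?://(?:[^/?#@]*@)?([^/?#:@]+)}i ? lc $1 : '';
}

sub decide {
    my ($client, $dst, $referer) = @_;
    $dst = lc $dst;
    my $rhost = referer_host($referer);
    return 'OK' if is_seed($dst);                 # the portal itself
    if (is_seed($rhost)) {                        # link followed from the portal:
        $allowed{"$client $dst"} = time + $TTL;   # learn the destination site
        return 'OK';
    }
    return 'OK' if is_live($client, $dst);        # later pages and elements on that site
    return 'OK' if $rhost ne '' && is_live($client, $rhost);  # its off-site images, CSS, JS
    return 'ERR';
}

# Input per line: "<client ip> <destination host> <Referer or ->"
while (my $line = <STDIN>) {
    chomp $line;
    my ($client, $dst, $referer) = split ' ', $line, 3;
    print defined $dst ? decide($client, $dst, $referer) : 'ERR', "\n";
}
```

Only a Referer on the portal adds a destination to the list, so links followed from a learned site do not extend the whitelist further.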
