Do you know how I would allow access based on the referer? I'm
searching for how to do this and would like to try it out.
On Dec 12, 2007, at 6:52 PM, Adrian Chadd wrote:
> On Wed, Dec 12, 2007, Cody Jarrett wrote:
>> I'm using squid 2.6 and have it configured to block all websites
>> except for a few that I specify are ok. The problem I'm having is,
>> several sites that are fine to access, such as kbb.com, have content
>> invoked from other sites. So when I view kbb.com for example, the
>> page
>> is missing most it's content and looks really messed up in firefox,
>> and this happens with other sites. Is there some way to allow access
>> to approved sites, and further sites that are invoked?
>
> There's no easy way for squid (or any proxy, really!) to properly
> determine "and further sites that are invoked."
>
> You could possibly allow access based on referrer URL as well - which
> should show up as having been referred by your list of approved URLs -
> but referrer URLs can't be trusted as anyone can just fake them.
>
>
>
> Adrian
>
>> http_port 10.1.0.1:3128
>> http_port 127.0.0.1:3128
>> visible_hostname server.blah.com
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> no_cache deny QUERY
>> cache_dir ufs /var/spool/squid 400 16 256
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 20% 4320
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 563 # https, snews
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>>
>> #allow only the sites listed in the following file
>> acl goodsites dstdom_regex "/etc/squid/allowed-sites.squid"
>> http_access allow goodsites
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny to_localhost
>>
>> acl lan_network src 10.1.1.0/24
>>
>> #deny http access to all other sites
>> http_access deny lan_network
>> http_access deny itfreedom_network
>> http_access allow localhost
>> http_access deny all
>> acl to_lan_network dst 10.1.45.0/24
>> http_access allow to_lan_network
>> http_reply_access allow all
>> icp_access allow all
>
> --
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial
> Squid Support -
> - $25/pm entry-level VPSes w/ capped bandwidth charges available in
> WA -
Received on Thu Dec 13 2007 - 15:02:54 MST
This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:02 MST