Re: [squid-users] Invoked sites by allowed websites.

From: Adrian Chadd <adrian@dont-contact.us>
Date: Fri, 14 Dec 2007 09:18:12 +0900

On Thu, Dec 13, 2007, Cody Jarrett wrote:
> Do you know how I would allow access based on the referer? I'm
> searching for how to do this and would like to try it out.

acl aclname referer_regex [-i] regexp ...

adrian
>
> On Dec 12, 2007, at 6:52 PM, Adrian Chadd wrote:
>
> >On Wed, Dec 12, 2007, Cody Jarrett wrote:
> >>I'm using squid 2.6 and have it configured to block all websites
> >>except for a few that I specify are ok. The problem I'm having is,
> >>several sites that are fine to access, such as kbb.com, have content
> >>invoked from other sites. So when I view kbb.com for example, the page
> >>is missing most of its content and looks really messed up in Firefox,
> >>and this happens with other sites. Is there some way to allow access
> >>to approved sites, and further sites that are invoked?
> >
> >There's no easy way for squid (or any proxy, really!) to properly
> >determine "and further sites that are invoked."
> >
> >You could possibly allow access based on referrer URL as well - which
> >should show up as having been referred by your list of approved URLs -
> >but referrer URLs can't be trusted as anyone can just fake them.
> >
> >
> >
> >Adrian
> >
> >>http_port 10.1.0.1:3128
> >>http_port 127.0.0.1:3128
> >>visible_hostname server.blah.com
> >>hierarchy_stoplist cgi-bin ?
> >>acl QUERY urlpath_regex cgi-bin \?
> >>no_cache deny QUERY
> >>cache_dir ufs /var/spool/squid 400 16 256
> >>refresh_pattern ^ftp: 1440 20% 10080
> >>refresh_pattern ^gopher: 1440 0% 1440
> >>refresh_pattern . 0 20% 4320
> >>acl all src 0.0.0.0/0.0.0.0
> >>acl manager proto cache_object
> >>acl localhost src 127.0.0.1/255.255.255.255
> >>acl to_localhost dst 127.0.0.0/8
> >>acl SSL_ports port 443 563
> >>acl Safe_ports port 80 # http
> >>acl Safe_ports port 21 # ftp
> >>acl Safe_ports port 443 563 # https, snews
> >>acl Safe_ports port 70 # gopher
> >>acl Safe_ports port 210 # wais
> >>acl Safe_ports port 1025-65535 # unregistered ports
> >>acl Safe_ports port 280 # http-mgmt
> >>acl Safe_ports port 488 # gss-http
> >>acl Safe_ports port 591 # filemaker
> >>acl Safe_ports port 777 # multiling http
> >>acl CONNECT method CONNECT
> >>
> >>#allow only the sites listed in the following file
> >>acl goodsites dstdom_regex "/etc/squid/allowed-sites.squid"
> >>http_access allow goodsites
> >>http_access allow manager localhost
> >>http_access deny manager
> >>http_access deny !Safe_ports
> >>http_access deny CONNECT !SSL_ports
> >>http_access deny to_localhost
> >>
> >>acl lan_network src 10.1.1.0/24
> >>
> >>#deny http access to all other sites
> >>http_access deny lan_network
> >>http_access deny itfreedom_network
> >>http_access allow localhost
> >>http_access deny all
> >>acl to_lan_network dst 10.1.45.0/24
> >>http_access allow to_lan_network
> >>http_reply_access allow all
> >>icp_access allow all
> >
> >--
> >- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial
> >Squid Support -
> >- $25/pm entry-level VPSes w/ capped bandwidth charges available in
> >WA -
>
>

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Thu Dec 13 2007 - 17:11:38 MST
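
An added example, not part of the original message or of the poster's configuration: one way to combine the destination whitelist with the referer_regex ACL suggested above on Squid 2.6, while limiting and logging what the Referer rule lets through. The names good_referer, safe_methods and refaudit, the log path, and the kbb.com pattern are assumptions made for illustration.

```conf
# Constructed example for Squid 2.6; good_referer, safe_methods, refaudit,
# the log path and the kbb.com pattern are assumptions, not from the thread.
acl all src 0.0.0.0/0.0.0.0
acl lan_network src 10.1.1.0/24
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT
acl safe_methods method GET HEAD

# Approved destinations, as in the quoted configuration.
acl goodsites dstdom_regex "/etc/squid/allowed-sites.squid"
# Request carries a Referer header that names an approved site.
acl good_referer referer_regex -i ^https?://([^/]+\.)?kbb\.com/

# http_access is first-match, so port and CONNECT restrictions go first.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan_network goodsites
# Referer is set by the client, so limit what it can unlock:
# LAN clients only, read-only methods only.
http_access allow lan_network safe_methods good_referer
http_access deny all

# Keep a separate record of every request matching the Referer ACL for review.
logformat refaudit %ts.%03tu %>a %rm %ru "%{Referer}>h" %Ss/%03Hs
access_log /var/log/squid/referer-allowed.log refaudit good_referer
```

HTTPS requests reach the proxy as CONNECT without a Referer header, so the Referer rule only helps with embedded content fetched over plain HTTP.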
