Re: [squid-users] limiting access to certain browsers.

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 15 Feb 2008 15:14:28 -0900

Bert Rapp wrote:
>
> I'm currently running squid with squidGuard. (I know this isn't a
> squidGuard list, but it's part of my setup.) I'm using squidGuard to
> filter access to certain sites. Our users have both IE and Firefox
> installed on their workstations. What I'd like to do now is let
> Firefox browse most of the internet while only letting IE have access
> to a very limited list of sites.
> I've been reading about the browser acl in squid, but it appears that
> it's an all or nothing option.
>
> Here's an example of how I expect to use it:
>
> acl mozacl browser MOZILLA
> http_access allow mozacl
> http_access deny all
>
> But I think this would block access completely to IE.
>
> I'm guessing the feature I'm looking for would need to come from
> squidGuard (from what I can tell squidGuard doesn't look at the user
> agent) or another type of redirector.
>
> Has anyone else done this or have any suggestions? Are my assumptions
> correct?
>

Sure the ACL is all-or-nothing, but combined with other acls, you can
perform this task with ease.

Assuming you understand that User-Agents can be easily changed, I think
you would be well served by...

acl InternetExplorer browser MSIE
acl IEAllowedSites dstdomain .example.com .microsoft.com
http_access allow InternetExplorer IEAllowedSites
http_access deny InternetExplorer
deny_info ERR_MSIE_RESTRICTED InternetExplorer

Obviously you'd need to make the deny_info page explaining the
restrictions on IE, or leave that last line off, and just hand out a
generic access denied page.

Have a look at the FAQ section on ACLs for more:
http://wiki.squid-cache.org/SquidFaq/SquidAcl

Chris
Received on Fri Feb 15 2008 - 17:14:34 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST