Hi,

I think I've found a bug but first wanted to double-check I wasn't
doing anything dumb.

In our reverse proxy setup we want to block people from "leeching" the
images using Wget or similar applications. To do this we want to block
user agents that match "Wget" and, because lots of people use CURL or
their own home-brew clients, anything with an empty user agent string.

I added the following acl rule:

    # Block automated processes from requesting our images
    acl image_leechers browser ^$
    acl image_leechers browser Wget

and later on...

    http_access deny image_leechers

Requests that contain Wget are being blocked exactly as expected by
the proxy. Empty requests are still going through to the parent
server:

Request with Wget in the user agent request headers (correct behaviour):

$ wget -S http://images.xxx.com/preview/1134/35121981.jpg
--11:29:45-- http://images.xxx.com/preview/1134/35121981.jpg
=> `35121981.jpg'
Resolving images.xxx.com... 62.216.237.30
Connecting to images.xxx.com|62.216.237.30|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.0 403 Forbidden
Server: squid/3.0.STABLE9
Mime-Version: 1.0
Date: Mon, 20 Oct 2008 10:29:45 GMT
Content-Type: text/html
Content-Length: 1653
Expires: Mon, 20 Oct 2008 10:29:45 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from ws2
Via: 1.0 ws2 (squid/3.0.STABLE9)
Connection: close
11:29:45 ERROR 403: Forbidden.

And a similar request with an empty user agent string (incorrect - the
request is being passed back to the parent where it returns a 403):

$ wget -U "" -S http://images.xxx.com/preview/1134/james.jpg
--11:30:09-- http://images.xxx.com/preview/1134/james.jpg
=> `james.jpg'
Resolving images.xxx.com... 62.216.237.30
Connecting to images.xxx.com|62.216.237.30|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.0 403 Forbidden
Content-Type: text/html
Content-Length: 345
Date: Mon, 20 Oct 2008 10:30:09 GMT
Server: lighttpd/1.4.20
X-Cache: MISS from ws2
Via: 1.0 ws2 (squid/3.0.STABLE9)
Connection: close
11:30:09 ERROR 403: Forbidden.

Thanks,
James

Received on Mon Oct 20 2008 - 10:41:33 MDT
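
The behaviour reported above, modelled as an added example (not from the original post and not Squid's own code). It assumes that a `browser` ACL is only tested against a User-Agent header that is actually present, and that `wget -U ""` omits the header rather than sending an empty one. The sample requests, the `images.example` host and the `has_ua` rule are constructed for illustration.

```python
import re

# Constructed sample requests (not captured traffic); the host is a placeholder.
REQ_WGET = b"GET /a.jpg HTTP/1.0\r\nUser-Agent: Wget/1.10.2\r\nHost: images.example\r\n\r\n"
REQ_NO_UA = b"GET /a.jpg HTTP/1.0\r\nHost: images.example\r\n\r\n"  # header omitted
REQ_EMPTY_UA = b"GET /a.jpg HTTP/1.0\r\nUser-Agent:\r\nHost: images.example\r\n\r\n"
REQ_BROWSER = b"GET /a.jpg HTTP/1.0\r\nUser-Agent: Mozilla/5.0\r\nHost: images.example\r\n\r\n"


def user_agent(raw):
    """Return the User-Agent value, '' if present but empty, None if absent."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            return value.strip()
    return None


def browser_acl(patterns, ua):
    """Model of a 'browser' ACL: patterns are ORed together.
    Assumption: a request without the header never matches, whatever the regex."""
    if ua is None:
        return False
    return any(re.search(p, ua) for p in patterns)


def denied_original(raw):
    # The posted rules: image_leechers = browser ^$ OR browser Wget, then deny.
    return browser_acl([r"^$", r"Wget"], user_agent(raw))


def denied_inverted(raw):
    # Hypothetical alternative: "acl has_ua browser ." then
    # "http_access deny !has_ua" ahead of "http_access deny image_leechers".
    ua = user_agent(raw)
    return (not browser_acl([r"."], ua)) or browser_acl([r"Wget"], ua)


if __name__ == "__main__":
    samples = [("wget", REQ_WGET), ("no UA", REQ_NO_UA),
               ("empty UA", REQ_EMPTY_UA), ("browser", REQ_BROWSER)]
    for label, req in samples:
        print(f"{label:9} original={denied_original(req)} inverted={denied_inverted(req)}")
```

Under that assumption, `^$` only catches a header that is sent with an empty value, while negating a "has any character" match also covers the request with no header at all.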