Re: [squid-users] allowing restricted sites via squid

From: Chris Robertson <crobertson_at_gci.net>
Date: Mon, 16 Feb 2009 11:20:44 -0900

sameer shinde wrote:
> Hi All,
>
> We are using squid along with squidguard to block the websites.
> Now due to company policy we've blocked all the emial sites with
> squidguard blacklist,
> wherein we've also blocked gmail.google.com
> Now, our company has purchesed domain name specifice mail address from google.
> for example mail.ourdomain.com, wherein if anyone types
> mail.ourdomain.com it will be
> redirected to ourdoman specific gmail.
> The problem here is as squidguard is blocking gmail.google.com and
> which is inturn backbehind
> mail.ourdomain.com, the users are not able to access that site.
> What we want to do now is, we still want to block gmail access, but if
> someone goes thru
> mail.ourdomain.com, then he should get the access to gmail. How can we
> achive this?
>

Very insecure, but...

acl ourmail_referer referer_regex -i mail\.ourdomain\.com
acl gMail dstdomain .gmail.google.com
http_access allow gMail ourmail_referer

...would allow access to gmail.google.com if the referer header included
the string "mail.ourdomain.com". Be aware, this http_access rule would
allow ANYONE who can access your cache to access mail.google.com by
faking the referer.

> Few more bits about our squid. It is configured in non-transperant
> mode. i.e. we mannually
> provide the proxy to users.
> Also its in non-authentication mode. i.e. it does not checks for
> username/password.
>
>
> ~~~~~~~~~~~~~~
> Sameer Shinde.
> M:- +91 98204 61580
> Millions saw the apple fall, but Newton was the one who asked why.
>

Chris
Received on Mon Feb 16 2009 - 20:21:00 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 17 2009 - 12:00:02 MST