Re: [squid-users] reverse proxy filtering?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 20 Apr 2009 00:08:40 +1200

Gavin McCullagh wrote:
> Hi,
>
> On Sun, 19 Apr 2009, Jeff Sadowski wrote:
>
>> I am helping a library to setup a way to display available books to the outside.
>> The internal website allows you to login and check out books which
>> they want blocked to the outside. They do not want to modify the web
>> developers code to fit their special needs, since it is a commonly
>> used program to the libraries. They just want me to stop people from
>> logging in and checking out books and they don't need it to be an
>> absolute just difficult. When they should only be allowed to check
>> books out from inside.
>
> I presume the login is required to do any task.
>
> It might be simplest to just block access to any URLs which process a
> check out and any other disallowed tasks? You could give a custom error
> page which says "this task is not allowed to external users. I suppose it's
> better for users to not show buttons which they can't use, but this would
> be simple to implement, perform well and wouldn't require modifying html.
>
> Some people do modify content indirectly using squid's url_rewrite,
> including this amusing one:
> http://www.ex-parrot.com/~pete/upside-down-ternet.html
>
> which involves running a webserver on squid. The perl script downloads the
> page to squid's web directory, translates it and rewrites the url to the
> localhost location of the translated page. It's a bit of a hack, but it
> would probably work.
>
> Gavin
>

Yes thats another approach.

Though the more I hear about the problem, the more I think your best
solution would be to forget changing the HTML and simply block access to
pages and form processors that are not publicly allowed.

This is how the most of the world does it, no problems or complications
either. Usually the software at back-end can be the one saying access
denied. But a Squid access rule works just as well.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Sun Apr 19 2009 - 12:08:48 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 19 2009 - 12:00:02 MDT