Re: [squid-users] reverse proxy filtering?

From: Jeff Sadowski <jeff.sadowski_at_gmail.com>
Date: Sun, 19 Apr 2009 09:59:41 -0600

On Sun, Apr 19, 2009 at 3:09 AM, Gavin McCullagh <gavin.mccullagh_at_gcd.ie> wrote:
> Hi,
>
> On Sun, 19 Apr 2009, Jeff Sadowski wrote:
>
>> I am helping a library to setup a way to display available books to the outside.
>> The internal website allows you to login and check out books which
>> they want blocked to the outside. They do not want to modify the web
>> developers code to fit their special needs, since it is a commonly
>> used program to the libraries. They just want me to stop people from
>> logging in and checking out books and they don't need it to be an
>> absolute just difficult. When they should only be allowed to check
>> books out from inside.
>
> I presume the login is required to do any task.
>
Actually no you can browse books without login in.

> It might be simplest to just block access to any URLs which process a
> check out and any other disallowed tasks?  You could give a custom error
> page which says "this task is not allowed to external users. I suppose it's
> better for users to not show buttons which they can't use, but this would
> be simple to implement, perform well and wouldn't require modifying html.
>
> Some people do modify content indirectly using squid's url_rewrite,
> including this amusing one:
>        http://www.ex-parrot.com/~pete/upside-down-ternet.html
>
> which involves running a webserver on squid.  The perl script downloads the
> page to squid's web directory, translates it and rewrites the url to the
> localhost location of the translated page.  It's a bit of a hack, but it
> would probably work.
>

Cool thanks but I'm seriously looking at using privoxy and maybe even
privoxy and squid together
because it appears privoxy makes a terrible reverse proxy and would
leave my proxy box open for others to download illegal content. So my
current plan is to run privoxy on some random port and point the
reverse proxy to that port and wala both inline editing via privoxy
with a simple search replace string and no other sites except the one
specified for the reverse proxy via squid.

> Gavin
>
>
Received on Sun Apr 19 2009 - 15:59:44 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 19 2009 - 12:00:02 MDT