Re: [squid-users] squid 3 acl browser

From: Ralf Hildebrandt <Ralf.Hildebrandt_at_charite.de>
Date: Wed, 24 Jun 2009 11:19:07 +0200

* Erwann PENCREACH <erwann.pencreach_at_ch-chaumont.fr>:
> Hi all,
>
> I'm configuring a squid 3 proxy and I want, to deny access to all
> unwanted browsers but that is not working.
>
> here are my current acl :

You REALLY need to read on regular expressions

> acl nodst url_regex ^.*sex.*$ ^.*porn.*$ ^.*hack.*$ ^.*crack.*$ ^.*drug.*$

Or shorter:
acl nodst url_regex sex porn hack crack drug

Note that you won't be able to access
http://www.sextant.fr/ with that. Which is a bit problematix.

> acl nodst1 url_regex -i \.bat$ \.cmd$ \.exe$ \.pif$ \.vbs$ \.ade$ \.adp$
> acl nodst2 url_regex -i \.bas$ \.chm$ \.cpl$ \.eml$ \.hlp$ \.hta$ \.inf$
> acl nodst3 url_regex -i \.ins$ \.isp$ \.jse$ \.lnk$ \.msc$ \.msi$ \.msp$
> acl nodst4 url_regex -i \.mst$ \.reg$ \.sct$ \.shs$ \.vb$ \.vbe$ \.vbs$
> acl nodst5 url_regex -i \.wav$ \.avi$ \.ogg$ \.wma$ \.wme$ \.wsc$ \.wsf$
> acl nodst6 url_regex -i \.wsh$ \.sh$ \.mp3$ \.scr$ \.cab$ \.zip$ \.tar$
> acl nodst7 url_regex -i \.gz$ \.bz2$ \.xpi$ \.wmv$ \.mpeg$

acl nodst1 url_regex -i \.(bat|cmd|exe|pif|vbs|ade|adp)$
etc.

> acl contenttype1 req_mime_type ^.*video.*$ ^.*audio.*$
acl contenttype1 req_mime_type video audio

> acl checkua browser -i ^.*Mozilla/.*$ ^Keyvelop$ ^ClamWin/.*$

acl checkua browser -i Mozilla/ ^Keyvelop$ ^ClamWin/

Maybe it would be more useful to add DansGuardian to your setup.
Received on Wed Jun 24 2009 - 09:19:22 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 24 2009 - 12:00:04 MDT