Re: [squid-users] squid 3 acl browser

From: Erwann PENCREACH <erwann.pencreach_at_ch-chaumont.fr>
Date: Wed, 24 Jun 2009 11:29:29 +0200

Ok, thanks, I'll try and tell you

Ralf Hildebrandt a écrit :
> * Erwann PENCREACH <erwann.pencreach_at_ch-chaumont.fr>:
>> Hi all,
>>
>> I'm configuring a squid 3 proxy and I want, to deny access to all
>> unwanted browsers but that is not working.
>>
>> here are my current acl :
>
> You REALLY need to read on regular expressions
>
>> acl nodst url_regex ^.*sex.*$ ^.*porn.*$ ^.*hack.*$ ^.*crack.*$ ^.*drug.*$
>
> Or shorter:
> acl nodst url_regex sex porn hack crack drug
>
> Note that you won't be able to access
> http://www.sextant.fr/ with that. Which is a bit problematix.
>
>> acl nodst1 url_regex -i \.bat$ \.cmd$ \.exe$ \.pif$ \.vbs$ \.ade$ \.adp$
>> acl nodst2 url_regex -i \.bas$ \.chm$ \.cpl$ \.eml$ \.hlp$ \.hta$ \.inf$
>> acl nodst3 url_regex -i \.ins$ \.isp$ \.jse$ \.lnk$ \.msc$ \.msi$ \.msp$
>> acl nodst4 url_regex -i \.mst$ \.reg$ \.sct$ \.shs$ \.vb$ \.vbe$ \.vbs$
>> acl nodst5 url_regex -i \.wav$ \.avi$ \.ogg$ \.wma$ \.wme$ \.wsc$ \.wsf$
>> acl nodst6 url_regex -i \.wsh$ \.sh$ \.mp3$ \.scr$ \.cab$ \.zip$ \.tar$
>> acl nodst7 url_regex -i \.gz$ \.bz2$ \.xpi$ \.wmv$ \.mpeg$
>
> acl nodst1 url_regex -i \.(bat|cmd|exe|pif|vbs|ade|adp)$
> etc.
>
>> acl contenttype1 req_mime_type ^.*video.*$ ^.*audio.*$
> acl contenttype1 req_mime_type video audio
>
>> acl checkua browser -i ^.*Mozilla/.*$ ^Keyvelop$ ^ClamWin/.*$
>
> acl checkua browser -i Mozilla/ ^Keyvelop$ ^ClamWin/
>
> Maybe it would be more useful to add DansGuardian to your setup.
> --
> Ce courrier �lectronique a �t� v�rifi� et est exempt de virus connus � ce jour.
> Contactez votre administrateur pour plus de renseignement.
> postmaster_at_ch-chaumont.fr

-- Ce courrier ÿlectronique a ÿtÿ vÿrifiÿ et est exempt de virus connus ÿ ce jour. Contactez votre administrateur pour plus de renseignement. postmaster_at_ch-chaumont.fr

Received on Wed Jun 24 2009 - 09:29:39 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 24 2009 - 12:00:04 MDT