Re: [squid-users] squid 3 acl browser

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 25 Jun 2009 00:35:55 +1200

Erwann PENCREACH wrote:
> Ralf Hildebrandt a écrit :
>> * Erwann PENCREACH <erwann.pencreach_at_ch-chaumont.fr>:
>>> ok, I made changes
>>>
>>> nodst and contenttype acl works fine (I'll look later for squidguard
>>> and dansguardian)
>>>
>>> browser filtering doesn't work at all
>>>
>>> external_acl works fine
>>>
>>> I don't understand what I'm doing wrong with User-agent filtering
>>
>> But I already told you. MSIE says it's Mozilla. Your regular
>> expression is wrong.
> You're right I've just checked both User agents :
>
> # MSIE : User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
> # Mozilla : User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr;
> rv:1.9.0.1; .NET CLR 2.0.50727; ffco7) Gecko/2008070208 Firefox/3.0.1
>
> acl becomes :
>
> acl checkua browser Gecko/ ^Keyvelop$ ^ClamWin/
>

Mozilla and Gecko are both engines that generate HTTP requests and parse
HTTP replies on demand. Along with various other HTTP related
activities. They are both used in a vast number of browsers and browser
clones and fake agents.

I would guess you actually want the "Firefox" branding interface for
Gecko. Commonly known as the Mozilla Firefox web browser.

User-Agent: is easily forged, so don't hang your security on it please.
It's best to use it only in deny (ie for unknowns and non-matching) and
leave the allow permissions to more strict ACL types.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.8
Received on Wed Jun 24 2009 - 12:36:03 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 24 2009 - 12:00:04 MDT