Re: [squid-users] Trouble limiting access to rutube

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 17 Mar 2012 00:15:55 +1300

On 16/03/2012 8:08 a.m., awarecons wrote:
> Suddenly it turned out that it's impossible to deny video from
> www.rutube.ru by Squid means. There is the only intend to cut off
> video, not shockwave nor java-scripts.

Impossible? Looks very possible from that snippet you give below...

>
> Rutube.ru uses inframe incapsulation of video via java-script. Example:
> http://rutube.ru/tracks/4567054.html
> piece of code:
> <script type="text/javascript">
> var rt_referer = escape(location.href); playMovie('pid',
> 'http://rutube.ru/player.swf?buffer_first=1.0&file=http%3A%2F%2Fbl.rutube.ru%2Fdb9decb3ae2341724c72e6490b028cfd.iflv&xurl=http%3A%2F%2Frutube.ru%2Ftrackinfo%2Fdb9decb3ae2341724c72e6490b028cfd.html%3Fad_ids%3D&image=http%3A%2F%2Ftub.rutube.ru%2Fthumbs%2Fdb%2F9d%2Fdb9decb3ae2341724c72e6490b028cfd-1.jpg&&autoload=true&fsb=true&logo=false&newWnd=false&rAngle=0&uid=3692805&referer='
> + rt_referer);
> </script>
>
> So it freely passes through rep_mime_type, rep_header, url_regex ().

The first two yes possibly. But regex can catch anything, that is both
its benefit and part of the price. If you are not catching it with regex
then your regex rule is wrong.

A urlpath_regex for "^/player\.swf" can catch these videos when paired
with a dstdomain ACL for rutube.ru.

>
> Please, give me solution how Squid and/or SquidGuard could cut off
> video, not disabling access to site itself. Approach is to deny video
> content, not site itself.
>
> NB Using rep_mime_type, rep_header, url_regex works fine with
> youtube.com - it lets to download shockwave player, but player is
> unable to download and play video.

rutube.ru is not youtube.com. They have different owners, different
authors, and different URL patterns. Expecting them to behave exactly
the same?

Amos
Received on Fri Mar 16 2012 - 11:16:03 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 16 2012 - 12:00:04 MDT