Re: [squid-users] Trouble limiting access to rutube

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 18 Mar 2012 00:27:30 +1300

On 17/03/2012 4:21 a.m., awarecons wrote:
> It doesn't matter, `cause request is made so that available to Squid
> is http://rutube.ru/player.swf? string only.

Wrong. That is merely what your logs are configured to record. Squid is
given the full path (HTTP) or none of it (HTTPS).

http://www.squid-cache.org/Doc/config/strip_query_terms/

Configure "strip_query_terms off" to log the URL Squid is being given.

> There's nothing in
> access.log pointing to .iflv-file is being requested by embedded
> java-script. The only GET is about '.../player.swf?'

>
> More efficient is:
> acl GET method GET
> acl rutube_url urlpath_regex -i /player.swf

* You omitted step (2). The above pattern will match the pattern
anywhere in the URL. For example: http://rutube.ru/docs/player?swf=boo.
This is inefficient, a lot of extra work is done scanning the whole path
in case there was a match further down.

* You omitted step (3) and (5). The "." character has special meaning in
regex.

>
> http_access deny GET rutube_url
>
> 2012/3/16 Amos Jeffries:
>> On 17/03/2012 12:34 a.m., awarecons wrote:
>>> acl rutube dstdomain .rutube.ru .vk.com .vkontakte.ru
>>> acl rutube_streams rep_header Content-Type -i
>>> application/x-shockwave-flash
>>> http_reply_access deny rutube rutube_streams
>>>
>>> acl rutube_Files url_regex -i \player.swf$
>>> http_access deny rutube rutube_Files
>>>
>>> But there is still question - how cut off .iflv instead of cutting
>>> player.swf?
>>
>> step 1) Use urlpath_regex instead of url_regex.
>>
>> step 2) Start it with "^" to anchor it to the path beginning.
>>
>> step 3) Add proper escaping on the URL dot. Making it "\."
>>
>> step 4) Remove the "$" end-anchor which is saying only catch the request
>> when there is *no* query string.
>>
>> step 5) find a basic how-to on regex patterns and start reading.
>>
>> Amos
>>

Amos
Received on Sat Mar 17 2012 - 11:27:42 MDT

This archive was generated by hypermail 2.2.0 : Sat Mar 17 2012 - 12:00:03 MDT