Hallo! Du (Jeff Evans) hast geschrieben:
> Squid seems to be the perfect replacement (and a damn speedy cache), but
>I can't seem to see any way to restrict or redirect URL's similar to Cern's
>Pass and Fail commands. Does someone have a plug in module that creates
>this functionality (and uses the exact same syntax as Cern :)? Possibly
>working with the URL Redirector in 1.1.beta23.
> Any information would be greatly appreciated.
I thought about redirector first, too, but squid has all needs built
in.
This is how I do this task:
acl all src 0.0.0.0/0.0.0.0
acl dirtydomain dstdomain "/var/proxy/www/squid/etc/dirtydomain"
acl dirtybranch url_regex "/var/proxy/www/squid/etc/dirtybranch"
http_access deny dirtydomain
http_access deny dirtybranch
http_access allow all
deny_info http://foo.bar.net/ERROR/dirty-pictures.html dirtydomain dirtybranch
$ cat /var/proxy/www/squid/etc/dirtydomain
adult.com
adults.com
cyberporn.com
$ cat /var/proxy/www/squid/etc/dirtybranch
100hot.com/xxx
and so on...
This method works for me, but it leaves one hole wide open: You can
access the 'bad' pages with the IP-Address. So I had to deny such
requests. I have a small positive list where I put 'trusted' IPs in.
A redirector which does IP2Addr-conversion does'nt work because the
results were never checked with the acl-rules.
Now i'm thinking of getting all IPs of the 'bad' hosts and deny
them, because Squid can check host-->IP, but not the other way
round. (I have tried to implement this, but ... :( )
But this isn't a good way, because HTTP/1.1 supports an 'Host:'-Header
which can get different contents from one Server on one IP.
So it would be nicer if someone can add an IP-->Host check for an
acl-rule (more likely, all tools are in the source, you have only to
put it together ;-) or put in a switch where we can select between pre- or
post- redirector acl-check.
Cord.
PS: Conversion from CERN-Pass/Fail to Squid-rules should be a small
job for perl or shell-scripts.
-- Cord Beermann, Webmaster der FH Lippe [email protected] | http://www.fh-lippe.de/fhl/dvz/webadm/Received on Mon Nov 25 1996 - 13:39:16 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:38 MST