Re: [squid-users] A bit off topic: Tool to do remote manament through proxy?

From: Henrik Nordstrom <[email protected]>
Date: Sat, 22 Mar 2003 18:07:39 +0100

"Henk-Jan (squid)" wrote:

> Question: Does anyone know if it is possible?

Most things are unfortunately possible these days.

> If yes: How can I prevent this?

By finding out the servers used and block these.

Common software you might also be able to block based on the User-Agent
header, or in a few cases on the response mime type.

The steps in blocking access is

  1) Identify the requests issued in access.log

  2) Determine if there is any pattern identifying such requests and
block them

     2a) Usually there is some kind of registration server first
contacted. Block access to these servers (http_access deny based on a
dstdomain acl).

     2b) In some cases the returned mime type is unique for the
application used. Block access to such mime types (http_reply_access
deny based on a resp_mime_type acl)

     2c) And in some cases the requests can be identified by the
user-agent. Block access from such user agents. (http_access deny based
on a browser acl).

To figure out the User-Agent you can either enable the user-agent log in
Suqid, or use log_mime_hdrs to have the full request and respons headers
logged.

Regards
Henrik
Received on Sat Mar 22 2003 - 10:22:40 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:18 MST