Re: [squid-users] Can url_rewrite_program determine the referer?

From: dustfinger x <dustfinger_at_muddymukluk.com>
Date: Sun, 16 Oct 2011 20:51:40 -0600

On Sun, Oct 9, 2011 at 4:43 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On Sun, 9 Oct 2011 16:07:00 -0600, dustfinger x wrote:
>>
>> On Sun, Oct 9, 2011 at 12:19 PM, Diego Woitasen
>> <diego_at_woitasen.com.ar> wrote:
>>>
>>> On Sun, Oct 9, 2011 at 11:10 AM, dustfinger x
>>> <dustfinger_at_muddymukluk.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> The system is using Squid version 3.1.8.
>>>>
>>>> I have configured squid to use a url_rewrite_program that redirects
>>>> users to the company portal sites under certain circumstances. The
>>>> problem is that the portal sites references external content and the
>>>> external content URI's are also being re_written. Is there any way for
>>>> me to determine if a particular uri has a referer? It would be idea if
>>>> I could determine the referer's domain name, but even just knowing if
>>>> the uri request has a referer would be helpful.
>>>>
>>>> Sincerely,
>>>>
>>>> dustfinger.
>>>>
>>>
>>> Use "acl referer_regex" and url_rewriter_access. For example:
>>>
>>> acl intranet_ref referer_regex *.intranet.com.*
>>> url_rewriter_access deny intranet_ref
>>> url_rewriter_access allow all
>>>
>>> Regards,
>>> �Diego
>>>
>>>
>>> --
>>> Diego Woitasen
>>>
>>
>> Hi Diego,
>>
>> Thank you very much for your response. The challenge that I face is
>> that there will probably be a lot of referred to domains and these may
>> potentially change over time. If it is possible to somehow determine
>> the referrer from the url_rewrite_program, then that would be idea.
>> Your solution is not totally out of the question, but it would be a
>> maintenance issue for me.
>>
>> I suspect that what I want to do is simply not supported, but I did
>> read one user's post that he was able to pass the referrer to the
>> redirector using user variables. The poster did not detail how he went
>> about this though.
>
> Sounds way too complex. You can use external ACL in url_rewrite_access to
> make the ACL checks real-time based on arbitrary data source. Usage the same
> as in http_access.
>
> Amos
>

Hi,

Correct me if I am wrong, but in your suggested solution I would still
have to know in advance all of the domain names that I wanted to
redirect, or all of the domain names that I do not want to redirect.
Is it possible to use your suggested solution in the following
scenario:

Suppose that I have in a database a list of URI's that I would like to
allow access to. Consider one of these URI's and let's referrer to
that URI as URI_A. It turns out that URI_A contains content that is
hosted by a domain not contained in our database of URI's that we
would like to allow access to. Let's refer to the referred-to URI as
URI_UNLISTED. Now when a user requests content from URI_A, any of the
content that is referred to by URI_A, but is hosted by URI_UNLISTED,
is redirected. The result is that none of the reffered to content will
be returned to the client and that is not the behavior that I am
looking for.

This is what I am looking for. If a client makes a direct request to
URI_UNLISTED, then I would like to redirect that request by rewriting
the URI. If the client makes a request to URI_A, and URI_A refers to
URI_UNLISTED, then I would like all of the content to be accessible,
with no URI rewriting. That is, the request to URI_UNLISTED is
accepted since it is being referred to by a URI that is in our
database.

I know that if I could gain access to the referrer in the
url_rewrite_program, then I could achieve this behavior.

Does anyone know how I could achieve the behavior that I have described.

Sincerely,

dustfinger.
Received on Mon Oct 17 2011 - 02:51:48 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 17 2011 - 12:00:03 MDT