Re: URL_REGEX case insensitive?

From: Craig Sanders <cas@dont-contact.us>
Date: Tue, 29 Apr 1997 15:12:31 +1000 (EST)

On Mon, 28 Apr 1997, Stefan Berg wrote:

> am trying to configure a limitation for some of my clients
> so that they cannot surf to XXX-links.
>
> Now I am using the url_regex like this
>
> acl SEXLINK url_regex XXX xxx
>
> Question: How do I make the url_regex match case _insensitive_?
>
> Want to do something like:
>
> acl SEXLINK url_regex -nocase xxx

it's a regex so you should be able to do:

acl SEXLINK url_regex [Xx][Xx][Xx]

note, this wont work. sure, it'll block out sites with XXX in the URL
but it wont block out all the porno sites. it will also block out
sites which have nothing to do with porn but which happen to have
'xxx' in the url.

blocking out all porno sites is essentially impossible. unless you want
to spend about 48 hours per day keeping track of every new site on the net
you just cant do it.

i run two main squid servers at work. one large cache which is unfiltered,
and another filtered proxy which uses the unfiltered cache as an
inside_fireall parent. a few weeks ago i downloaded the entire .com,
.net, .org domain lists from rs.internic.net (about 20MB of .tar.gz file)
and extracted most (not all) of the porno sites into a list and generated
a file containing squid acls. ended up with about 5200 domains to block.

i would guess that that blocks about 80-90% of the porno sites. there's
new ones being added every day, and many sites don't have XXX or sex or
whatever in the URL.

it's ultimately a futile exercise.

btw, don't take the easy path and just block sites with "sex" in the url
- you'll end up blocking a lot of domains which have nothing at all to
do with pornography....or, worse, you'll block sites which have useful
health information about safe sex or whatever.

also, btw, most (all??) squid acl filters can be bypassed just by using
(or chaining) another proxy, or by using a web anonymiser service.

you can use packet filtering firewalls to block direct access to ports
80, 8080, and 3128 to prevent direct access to common web server and proxy
ports...this will basically force your users to use your proxy.

you can prevent people from chaining proxies with the following
acl:

        acl dualproxy urlpath_regex -_-
        http_access deny dualproxy all

web anonymiser services can be blocked out as any other url. think
carefully before you block access to these, however - they do provide a
useful service which is not necessarily related to downloading porno pics.

craig
Received on Mon Apr 28 1997 - 22:34:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:03 MST