On Monday 04 August 2003 21.01, cadu wrote:
> Well, I did and I found this:
>
> 1060022770.350 39667 192.168.0.46 TCP_MISS/200 329 GET
> http://iht-d01.icq.com:443/monitor? user1 DIRECT/205.188.213.249
> AIM/HTTP [Accept-Language: pt\r\nAccept: text/html, image/gif,
> image/jpeg, *; q=.2, */*; q=.2\r\nUser-Agent: Mozilla/4.0
> (compatible; MSIE 6.0; Win32)\r\nHost:
> iht-d01.icq.com\r\nProxy-Connection: Keep-Alive\r\nPragma:
> no-cache\r\nProxy-Authorization: Basic
> Y2VkdWFyZG86UGlyYVBpcm81Ng==\r\n] [HTTP/1.0 200 OK\r\nDate: Mon, 04
> Aug 2003 18:46:10 GMT\r\nServer: AIM HTTP/1.0
> (aim_http_proxy)\r\nCache-Control: no-cache
> no-store\r\nContent-Type: AIM/HTTP\r\nContent-Length: 24\r\n\r]
>
> Checking this record req_mime_type should work with ^AIM/HTTP$
> By the way I've also tested with ^AIM/HTTP\r\n$ just for sure but
> it did not again...

Nope. The request is a GET request and does not have a content-type,
as the request does not contain any content (the reply contains
content and has a content-type).

This request you either need to block by the URL (i.e. dstdomain
.icq.com urlpath_regex ^/monitor):

  acl icq dstdomain .icq.com
  acl icq_monitor urlpath_regex ^/monitor
  http_access deny icq icq_monitor

Alternatively you can block the reply by its reply mime type:

  acl aim_http reply_mime_type -i ^aim/http$
  http_reply_access deny aim_http

Note the use of http_reply_access instead of http_access here. Reply
mime type requires access to the reply data sent by the server, which
only http_reply_access has.

Regards
Henrik
Received on Mon Aug 04 2003 - 15:10:35 MDT
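
The request/reply distinction described in the reply above, as an added example that is not part of the original thread: Python code that splits an access.log line carrying logged MIME headers into its request and reply header blocks and tests one pattern against each Content-Type. The log line is constructed (shortened, credentials omitted), the function names are hypothetical, and treating a missing Content-Type as an empty string is an assumption of this model.

```python
import re

# Constructed access.log line in the layout of the quoted record:
# "... [request headers] [reply headers]", with literal \r\n separators.
SAMPLE = (
    "1060022770.350 39667 192.168.0.46 TCP_MISS/200 329 GET "
    "http://iht-d01.icq.com:443/monitor? user1 DIRECT/205.188.213.249 AIM/HTTP "
    "[Accept: */*\\r\\nHost: iht-d01.icq.com\\r\\nPragma: no-cache\\r\\n] "
    "[HTTP/1.0 200 OK\\r\\nServer: AIM HTTP/1.0 (aim_http_proxy)\\r\\n"
    "Content-Type: AIM/HTTP\\r\\nContent-Length: 24\\r\\n\\r]"
)


def _parse(block):
    """Turn one bracketed header block into a dict keyed by lower-case name."""
    headers = {}
    for field in block.split("\\r\\n"):
        name, sep, value = field.partition(":")
        if sep:  # skips the status line and the trailing "\r" fragment
            headers[name.strip().lower()] = value.strip()
    return headers


def mime_headers(line):
    """Return (request_headers, reply_headers) for one log line."""
    m = re.search(r" \[(.*)\] \[(.*)\]$", line)
    if not m:
        raise ValueError("line has no logged MIME headers")
    return _parse(m.group(1)), _parse(m.group(2))


def acl_matches(line, pattern):
    """Check a mime-type regex against the request and the reply side."""
    req, rep = mime_headers(line)
    rx = re.compile(pattern, re.IGNORECASE)  # same effect as the -i flag
    return {
        # Assumption: an absent Content-Type is compared as "".
        "req_mime_type": bool(rx.search(req.get("content-type", ""))),
        "reply_mime_type": bool(rx.search(rep.get("content-type", ""))),
    }


if __name__ == "__main__":
    print(acl_matches(SAMPLE, r"^aim/http$"))
```

Only the reply side matches, which is why the pattern has to sit in a reply_mime_type ACL evaluated by http_reply_access.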