Re: [squid-users] Blocking mixed URLs

From: Michael Gale <michael.gale@dont-contact.us>
Date: Thu, 30 Sep 2004 13:40:04 -0600

Hello,

        You could try this ... now this is my first attempt at a regular
expression.

acl badurl url_regex -i
.*\.(com|net|biz|org|ca|us|br).*\/.*\.(com|net|biz|org|ca|us|br)

http_access deny badurl

This pattern should match any url string that contains
*.domainsuffix.*/*.domainsuffix

So the rule would go at the top.

Michael.

Christian Ricardo dos Santos wrote:
> Hello,
>
> I REALLY need a help here.
>
> Nowadays we are using ACL system to avoid users access to some websites.
>
> Those users can only access a limited list of sites (around 30), any =
> place outside this list is blocked. I don't know how or when, but =
> somebody discovery a way to cheat those ACLs.
>
> Here is what's happeneing:
>
> Everybody can access the site www.telefutura.com.br, but nobody can =
> access the website www.uol.com.br.
>
> Now if any user type one of the three strings bellow the access to this =
> blocked website is grant (anyways you can only read the text of it =
> through, all the other links are broken).
>
> www.uol.com.br/telefutura.com.br
> www.uol.com.br/?telefutura.com.br
> www.uol.com.br/$telefutura.com.br
>
> What can I do to avoid it ?
>
> I already have some ACLs in place to avoid downloads and access to some =
> type of files - ex: .*\.mp3($|\/?) -, but I still don't know how to =
> handle those mixed URLs request.
>
> Sorry for my Bad English
>
>
>
>

-- 
Michael Gale
Lan Administrator
Utilitran Corp.
Help feed the penguin !!
Received on Thu Sep 30 2004 - 13:39:53 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:03 MDT