Re: [squid-users] url_regex problem from Amos Jeffries on 2008-07-18 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 19 Jul 2008 00:54:56 +1200

sohan krishi wrote:
> Hi all,
>
> I am using Squid 2.6 Stable18 in transparent mode on ubuntu 8.04. I
> have a problem with blocking some words. I am using this ACL
>
> acl blocklist url_regex -i "/usr/local/etc/blocked1.txt"
>
> and in blocked1.txt I have many words line porn, masala, sex, blog ...
>
> All is working fine but when users try to browse any thing like
> weblogic...it is blocked ! I found it by debuging and noticed that
> weblogic is found in blog word in blocked1.txt....
>
> How can I tell Squid to use exact word, like use only blog and not
> weblogic. Is it possible ?

Sigh.. Content filtering. Back to bite again.

  - very easy to think of and start
  - impossible to get right
  - bypassed so easily

Did you know what "YFMTUAGPI" means to a content filter?

At least you have reached level 2: the penismightier problem.

Guess what level 3 is? placenames! been to cocksucker, Wyoming. Fucker,
Australia. Shitterton, England, how about bad knob in Europe? those are
just the famous ones. Not even gong near street names.

Level 4: aliases; seen a monkey? or a scary duck? a clinton? a gore? a
president bush?

Level 5: now encrypt all those with a simple +1 Caeser-cipher

.. the bravest I've ever known often crumble after reaching...
Level 6: wetware symbolic encryptions: \/!gara for yuo!

** NP: these 'levels' are my own invented rating system to judge how
determined filtering people are. Based on my 16 years experience in
security.

Best option is to give up early and take other easier paths, like
teaching each and every client not to browse porn in the first place. Or
just blocking all non-plaintext traffic unless its pre-vetted.

To keep on the pattern filtering road, you need to become an expert in
regex, encryption, and security. The porn people professionally
by-passing your filter are 10+ years ahead in expertise. And have a
handful of languages to choose from even at level 1.

The full-word pattern looks like this:
[^a-zA-Z]([a-zA-Z]+)[^a-zA-Z]

substitute your word for the bracketed part.

*** Note this is ONLY US-ASCII english words. Mostly useless now that
URI have been internationalized.

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE8

Received on Fri Jul 18 2008 - 12:54:46 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 19 2008 - 12:00:03 MDT