Re: [squid-users] allowing restricted sites via squid

From: sameer shinde <s9sameer_at_gmail.com>
Date: Tue, 17 Feb 2009 19:17:26 +0530

On Tue, Feb 17, 2009 at 1:50 AM, Chris Robertson <crobertson_at_gci.net> wrote:

>
> Very insecure, but...

not really....
is because, although google gives you a domain name saying mail.ourdomain.com
when you access the url, it gets redirected to mail.google.com/a/ourdomain.com
It does not permanently allow you to work on mail.ourdomain.com
Whereas the general gmail has a referral link as mail.google.com/mail
This is the key difference between the site address which one can block on.
With this it does not become insecure, as only the domain related
websites will be
accessible.

> acl ourmail_referer referer_regex -i mail\.ourdomain\.com
> acl gMail dstdomain .gmail.google.com
> http_access allow gMail ourmail_referer
>
> ...would allow access to gmail.google.com if the referer header included the
> string "mail.ourdomain.com". Be aware, this http_access rule would allow
> ANYONE who can access your cache to access mail.google.com by faking the
> referer.

Here as you've said ANYONE can access mail.google.com, but there it will not be.

~~~~~~~~~~~~~~
Sameer Shinde.
M:- +91 98204 61580
Millions saw the apple fall, but Newton was the one who asked why.
Received on Tue Feb 17 2009 - 13:47:51 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 18 2009 - 12:00:01 MST