Re: [squid-users] ACL based on header (iPhone)

From: Leonardo Rodrigues <leolistas_at_solutti.com.br>
Date: Mon, 14 Sep 2009 18:52:04 -0300

Nick Duda escreveu:
> Is it possible to have an ACL and http_access based on the User-Agent: Apple-iPhone/701.341 ?
>
> A test reverse OWA proxy we have is configured to prompt for authentication, and that would cause a problem with the Exchange email app on the iPhone. I want to have an http_access that checks to see if the request is coming from iPhone and allow access. I know the User Agent can be changed but this is a small start.
>
>

    Sure you can. The 'browser' ACL matches exclusively on User-Agent
request header and req_header ACl type can be used to match any other
request header, if that's the case.

# acl aclname browser [-i] regexp ...
# # pattern match on User-Agent header (see also req_header below)

# acl aclname req_header header-name [-i] any\.regex\.here
# # regex match against any of the known request headers. May be
# # thought of as a superset of "browser", "referer" and "mime-type"
# # ACLs.

    probably something like:

acl iphone browser -i Apple-iPhone

    and using that correctly on your http_access rules would do the job.
Keep in mind that if any other user forges the User-Agent header, which
is easily done by the way, your rules would allow those requests.
There's no way to have sure we're really dealing with an iPhone here.

-- 
	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	Minha armadilha de SPAM, NÃO mandem email
	gertrudes_at_solutti.com.br
	My SPAMTRAP, do not email it

Received on Mon Sep 14 2009 - 21:52:25 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 15 2009 - 12:00:02 MDT