Re: [squid-users] reverse proxy filtering?

From: Jeff Sadowski <jeff.sadowski_at_gmail.com>
Date: Sun, 19 Apr 2009 01:18:40 -0600

On Sat, Apr 18, 2009 at 10:24 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Jeff Sadowski wrote:
>>
>> On Sat, Apr 18, 2009 at 5:18 PM, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>>
>>> Jeff Sadowski wrote:
>>>>
>>>> I'm new to trying to use squid as a reverse proxy.
>>>>
>>>> I would like to filter out certain pages and if possible certain words.
>>>> I installed perl so that I can use it to rebuild pages if that is
>>>> possible?
>>>>
>>>> My squid.conf looks like so
>>>> <==== start
>>>> acl all src all
>>>> http_port 80 accel defaultsite=outside.com
>>>> cache_peer inside parent 80 0 no-query originserver name=myAccel
>>>> acl our_sites dstdomain outside.com
>>>
>>> aha, aha, ..
>>>
>>>> http_access allow all
>>>
>>> eeek!!
>>
>> I want everyone on the outside to see the inside server minus one or
>> two pages. Is that not what I set up?
>
> By lucky chance of some background defaults only, and assuming that the web
> server is highly secure on its own.
>
> If you have a small set of sites, such as those listed in "our_sites" then
> its best to be certain and use that ACL for the allow as well.
>
>  http_access allow our_sites
>  http_access deny all
>
> ... same on the cache_peer_access below.
>
>>
>>>> cache_peer_access myAccell all
>>>> <==== end
>>>>
>>>> how would I add it so that for example
>>>>
>>>> http://inside/protect.html
>>>>
>>>> is blocked?
>>>
>>> http://wiki.squid-cache.org/SquidFaq/SquidAcl
>>
>> so I want redirector_access?
>> Is there an example line of this in a file
>>
>> I tried using
>>
>> url_rewrite_program c:\perl\bin\perl.exe c:\replace.pl
>>
>> but I guess that requires more to use it? an acl?
>> should "acl all src all" be "acl all redirect all" ?
>
> No to all three. The above is all line you mention trying is all thats
> needed.
>
>  url_rewrite_access allow all
>
> but the above should be the default when a url_rewrite_program  is set.
>
> What is making you think its not working? and what do the logs say about it?
> Also what is the c:/replace.pl code?
>
>
>>
>>>> and is it possible to filter/replace certain words on the site
>>>>
>>>> like replace "Albuquerque" with "Duke City" for an example on all pages?
>>>
>>> No. no. no. Welcome to copyright violation hell.
>>
>> This was an example. I have full permission to do the real translations.
>> I am told to remove certain links/buttons to login pages. thus I
>> replace "<a herf=inside>button</a>" with "" Currently I have a
>> pathetic perl script that doesn't support cookies and is gong through
>> each set of previous pages to bring up the content. I was hoping squid
>> would greatly simplify this.
>> I was using www::mechanize I know this isn't the best way but they
>> just need a fast and dirty way.
>
> Ah, okay. Well the only ways squid has for doing content alteration is far
> too much as well for that use. (coding up an ICAP server and processing
> rules or a full eCAP adaptor plugin).
>
> IMO you need to kick the webapp developers to make their app do the removal
> under the right conditions. It would solve many more problems than having
> different copies of a page available with identical identifiers.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>  Current Beta Squid 3.1.0.7
>

To easy your mind about what it is for.
I am helping a library to setup a way to display available books to the outside.
The internal website allows you to login and check out books which
they want blocked to the outside. They do not want to modify the web
developers code to fit their special needs, since it is a commonly
used program to the libraries. They just want me to stop people from
logging in and checking out books and they don't need it to be an
absolute just difficult. When they should only be allowed to check
books out from inside. The people asking me to help don't get to
choose the software either it is higher up where those decisions are
made. Don't you love government :-D
Received on Sun Apr 19 2009 - 07:18:42 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 19 2009 - 12:00:02 MDT