Support for security such as Firewalls and securing linux
Post by gking » 2005/06/24 22:53:04

I am trying to protect my kids from running IE by accident. Removing the icon and setting Mozilla as the default is not a guarantee. Plus I still need IE for Windows security updates. I would have them run entirely Linux but not all of their learning programs work under Wine (or I am just too much of a Wine newbie and will eventually get time to make them work).

I have Squid set up whitelisting the sites we allow them to go to. What I want to do is set up another ACL that will cause any connection not using Mozilla to fail UNLESS it is IE going to the Windows Update site.

Restricting on the first rule I have:

acl Mozilla browser Mozilla
http_access deny !Mozilla

But I have not found a way to write http_access deny !Mozilla unless dstdom_regex -i ^windowsupdate.microsoft.com in a manner that parses.

Any ideas?

BTW, the Squid server is running CentOS 4.



Post by arrfab » 2005/06/27 19:50:11

I'm not sure if the following rules can work (I have no Squid at hand for testing ... :-D):

acl Mozilla browser Mozilla
acl IE browser IE
acl windowsupdate dstdom_regex -i ^windowsupdate.microsoft.com
http_access allow IE windowsupdate
http_access deny !Mozilla

Don't forget that you can define multiple ACLs with Squid and combine those ACLs in one proxy restriction.
Also don't forget that you have to read your 'proxy restriction' rules as in a firewall: from top to bottom, and the first rule that matches the condition is applied.

Keep me informed about this 'untested' solution ....
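
The rule order from the reply above, modelled as an added Python example (not code from the thread or from Squid) and run over two constructed User-Agent strings. It assumes Squid's documented semantics (ACLs on one http_access line are ANDed, the first matching line wins, no match means the opposite of the last line) and shows that the pattern `Mozilla` also matches IE's User-Agent, so `deny !Mozilla` does not stop IE; the `Gecko`, `MSIE` and anchored-domain patterns in `TIGHTENED` are assumptions, not from the thread.

```python
import re

# Constructed sample requests: typical 2005-era User-Agent strings.
UA_IE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
UA_FIREFOX = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) "
              "Gecko/20050511 Firefox/1.0.4")

def make_acls(mozilla_pat, ie_pat, wu_pat):
    """Map ACL name -> predicate over (user_agent, dst_host)."""
    return {
        # "acl NAME browser REGEX" is a case-sensitive regex on User-Agent
        "Mozilla": lambda ua, host: bool(re.search(mozilla_pat, ua)),
        "IE": lambda ua, host: bool(re.search(ie_pat, ua)),
        # "dstdom_regex -i" is a case-insensitive regex on the destination host
        "windowsupdate": lambda ua, host: bool(re.search(wu_pat, host, re.I)),
    }

# The two http_access lines from the reply, in the order given.
RULES = [("allow", ["IE", "windowsupdate"]), ("deny", ["!Mozilla"])]

def http_access(acls, rules, ua, host):
    """Return 'allow' or 'deny' using first-match evaluation."""
    for action, names in rules:
        # Every ACL on a line must match (AND); a leading "!" negates it.
        if all(acls[n.lstrip("!")](ua, host) != n.startswith("!") for n in names):
            return action
    # No line matched: the default is the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

AS_POSTED = make_acls(r"Mozilla", r"IE", r"^windowsupdate.microsoft.com")
# Assumed tightening: the "Mozilla" ACL keeps its name but matches Gecko.
TIGHTENED = make_acls(r"Gecko", r"MSIE", r"^windowsupdate\.microsoft\.com$")

if __name__ == "__main__":
    for label, acls in (("as posted", AS_POSTED), ("tightened", TIGHTENED)):
        for ua_name, ua in (("IE", UA_IE), ("Firefox", UA_FIREFOX)):
            for host in ("windowsupdate.microsoft.com", "www.example.com"):
                print(label, ua_name, host, http_access(acls, RULES, ua, host))
```

The User-Agent header is supplied by the client, so these rules guard against accidental use of the wrong browser rather than acting as an access control.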

