[squid-users] block user agent

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 16 07:55:11 UTC 2017


On 16/11/17 00:18, Vieri wrote:
> Hi,
> 
> I'm trying to block some user agents (I know it's easy to fake, but most users won't try to fake that header value).
> 
> The following works:
> 
> acl denied_useragent browser Chrome
> acl denied_useragent browser MSIE
> acl denied_useragent browser Opera
> acl denied_useragent browser Trident
> [...]
> http_access deny denied_useragent
> http_reply_access deny denied_useragent
> deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_useragent denied_useragent
> 
> The following works for HTTP sites, but not for HTTPS sites in an ssl-bumped setup:
> 
> acl allowed_useragent browser Firefox/
> [...]
> http_access deny !allowed_useragent
> deny_info http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=allowed_useragent allowed_useragent
> 
> 
> What could I try?
> 

The User-Agent along with all HTTP layer details in HTTPS are hidden 
behind the encryption layer. To do anything with them you must decrypt 
the traffic first. If you can decrypt, it turns into regular HTTP traffic 
- the normal access controls should then work as-is.


Amos
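
The point in the reply above, as a squid.conf sketch. This is an added example, not part of the original message or either poster's configuration. The port, CA certificate path and localnet range are placeholders, and exempting CONNECT from the User-Agent rule is an assumption about how the tunnel-setup request reaches http_access before anything has been decrypted.

```conf
# Added example: placeholders throughout, adjust to the local install.

# Bumping listener. The CA path is a placeholder; clients must trust this CA.
http_port 3128 ssl-bump cert=/etc/squid/ssl/bump-ca.pem generate-host-certificates=on

# Decrypt: peek at the TLS client hello, then bump every connection.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

acl localnet src 10.0.0.0/8          # constructed client range
acl CONNECT method CONNECT
acl allowed_useragent browser Firefox/

# Rule from the question, for comparison. It is evaluated on the CONNECT
# that sets up the tunnel, before the browser's HTTP requests inside the
# TLS session can be seen:
#   http_access deny !allowed_useragent

# Adjusted rule (assumption): apply the User-Agent check only to
# non-CONNECT requests, which include the decrypted requests that
# come out of a bumped connection.
http_access deny !CONNECT !allowed_useragent

http_access allow localnet
http_access deny all
```

Any connection that is spliced or tunnelled instead of bumped never exposes its inner requests, so the User-Agent rule does not apply to it.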

