http://www.cyberciti.biz/faq/howto-block-internet-explorer-browser-with-squid-proxy-server-on-a-linuxunix-server
I want to block Internet Explorer (MS-IE) browser on a squid proxy server running on a Linux or Unix-like systems. How can I block IE on a squid proxy server version 3.x?
You need to setup an acl on a squid proxy server to block Microsoft Internet Explorer or any other browser of your choice. This tutorials explains how to block
Internet Explorer browsers with Squid proxy running on a Ubuntu Linux
and CentOS Linux version 6.x server. This is also useful to fix an known
vulnerability coming from a specific version of browser. Please note
the following acl based on user-agents and it can be spoofed easily.
I want to block Internet Explorer (MS-IE) browser on a squid proxy server running on a Linux or Unix-like systems. How can I block IE on a squid proxy server version 3.x?
You need to setup an acl on a squid proxy server to block Microsoft Internet Explorer or any other browser of your choice. This tutorials explains how to block
| Tutorial details | |
|---|---|
| Difficulty | Easy (rss) |
| Root privileges | Yes |
| Requirements | Squid 3.x |
| Estimated completion time | 5m |
Warning:
Please note that third-party browser add-ons or bots can alter the
user-agent string on the client side itself. So the following may not
work at all.
Syntax to block squid using User-Agent header
The acl syntax is as follows tn match on User-Agent header:acl acl_name_here browser User_Agent_Here
Step 1: Edit squid.conf
Type the following command:sudo vi /etc/squid/squid.conf
Step 2: Enable User-agent log in squid.conf
Make sure access_log set to combined (default is squid):access_log daemon:/var/log/squid3/access.log combined
Step 3: Update/append acl
Local acl section and append the following configuration directives to your squid.conf file:## block all version of MSIE ## acl block_browser browser MSIE http_access deny block_browserIt is also possible to block specific version or other browsers too:
acl block_bad_browser browser MSIE.9 acl block_bad_browser browser MSIE.10 acl block_bad_browser browser Firefox acl block_bad_browser browser Chrome/38 http_access deny block_bad_browserYou can also use the following syntax which is very fast:
acl aclname req_header header-name [-i] regex
Save and close the file.Step 4: Reload squid server
To reload Squid Proxy Server without restarting squid daemon, enter:sudo /usr/sbin/squid -k reconfigure
Step 5: Test it
Here is a sample screen showing blocked browser:
Fig.01: Firefox is blocked using Squid 3.x
References
- Squid configuration directive acl documentation.
No comments:
Post a Comment