[Esa-l]Squid ACLs for webmail

John D. Hardin jhardin at impsec.org
Tue Jul 24 16:48:15 PDT 2001

On Tue, 24 Jul 2001, clark shishido wrote:

> instead of multiple ACL definitions and statements, with a
> redirector like squirm you can regex the URL and send them off to
> a notallowed.html or sorry.html page. It's safer to restart the
> redirectors than having to restart squid everytime you change the
> ACL list in squid.conf.
> http://www.senet.com.au/squirm
> It's not a poison list, just another tool we can use to gently
> enforce some security.

Here's an alternative using just Squid ACLs. Comments (as always)

/etc/squid/webmails contains:


/etc/squid/executables contains:


Add the following to your /etc/squid.conf file:

	acl WEBMAIL dstdom_regex -i "/etc/squid/webmails"
	acl EXECUTABLE urlpath_regex -i "/etc/squid/executables"

	# hazardous executables from WebMail services
	http_access deny WEBMAIL EXECUTABLE

Whenever you edit webmails or executables, run "squid -k reconfigure".
This is faster than restarting the proxy.

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
   1197 days until the Presidential Election

More information about the esd-l mailing list