[Esa-l]Squid ACLs for webmail
John D. Hardin
jhardin at impsec.org
Tue Jul 24 16:48:15 PDT 2001
On Tue, 24 Jul 2001, clark shishido wrote:
> Instead of multiple ACL definitions and statements, with a
> redirector like squirm you can regex the URL and send them off to
> a notallowed.html or sorry.html page. It's safer to restart the
> redirectors than having to restart squid every time you change the
> ACL list in squid.conf.
>
> http://www.senet.com.au/squirm
>
> It's not a poison list, just another tool we can use to gently
> enforce some security.
Here's an alternative using just Squid ACLs. Comments (as always)
solicited...

/etc/squid/webmails contains:

    email\.cnn\.com
    hotmail\.com
    hotmail\.msn\.com
    inbox\.excite\.com
    mail\.chek\.com
    mail\.yahoo\.com
    mailchek\.com
    passport\.com
    webmail\.netscape\.com

/etc/squid/executables contains:

    \.asd$
    \.bat$
    \.chm$
    \.com$
    \.dll$
    \.exe$
    \.hlp$
    \.hta$
    \.js$
    \.lnk$
    \.ocx$
    \.pif$
    \.reg$
    \.scr$
    \.shb$
    \.shs$
    \.vb$
    \.vbs$
    \.vbe$
    \.wsc$
    \.wsf$
    \.wsh$

Add the following to your /etc/squid.conf file:

    acl WEBMAIL dstdom_regex -i "/etc/squid/webmails"
    acl EXECUTABLE urlpath_regex -i "/etc/squid/executables"
    # hazardous executables from WebMail services
    http_access deny WEBMAIL EXECUTABLE

Whenever you edit webmails or executables, run "squid -k reconfigure".
This is faster than restarting the proxy.

--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at impsec.org pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
In 1998 more than three times as many people in the US were killed
by incompetent physicians than were killed by handguns, yet the
President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
1197 days until the Presidential Election
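
Added example, not part of the original post and not Squid code: a Python emulation of the rule above, for checking which URLs "http_access deny WEBMAIL EXECUTABLE" would refuse before the lists go live. The sample URLs are constructed, the function names are hypothetical, and Python's re module stands in for Squid's regex library, which is an assumption that holds for patterns this simple.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the post's /etc/squid/webmails and /etc/squid/executables.
WEBMAILS = r"""email\.cnn\.com hotmail\.com hotmail\.msn\.com inbox\.excite\.com
mail\.chek\.com mail\.yahoo\.com mailchek\.com passport\.com
webmail\.netscape\.com""".split()
EXECUTABLES = r"""\.asd$ \.bat$ \.chm$ \.com$ \.dll$ \.exe$ \.hlp$ \.hta$ \.js$
\.lnk$ \.ocx$ \.pif$ \.reg$ \.scr$ \.shb$ \.shs$ \.vb$ \.vbs$ \.vbe$ \.wsc$
\.wsf$ \.wsh$""".split()


def compile_acl(patterns):
    """Compile one ACL file; the -i flag in squid.conf is case-insensitive."""
    return [re.compile(p, re.IGNORECASE) for p in patterns]


def acl_matches(acl, value):
    """An ACL matches when any one of its patterns matches (logical OR)."""
    return any(rx.search(value) for rx in acl)


def decide(url, webmail, executable):
    """Emulate 'http_access deny WEBMAIL EXECUTABLE' for one URL.

    ACL names on a single http_access line are ANDed: the request is
    denied only if the host matches WEBMAIL and the path matches EXECUTABLE.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""           # what dstdom_regex is tested against
    # urlpath_regex sees the path plus any query string, so a '$'-anchored
    # pattern has to match at the very end of that whole string.
    path = parts.path + ("?" + parts.query if parts.query else "")
    if acl_matches(webmail, host) and acl_matches(executable, path):
        return "DENY"
    return "PASS"                         # left to later http_access rules


# Constructed sample URLs, not taken from real traffic.
SAMPLES = [
    "http://www.hotmail.com/cgi-bin/getmsg/UPDATE.EXE",
    "http://mail.yahoo.com/inbox/index.html",
    "http://downloads.example.org/setup.exe",
    "http://mail.yahoo.com/attach/photo.scr?id=7",
]


def run_samples():
    webmail, executable = compile_acl(WEBMAILS), compile_acl(EXECUTABLES)
    return {url: decide(url, webmail, executable) for url in SAMPLES}
```

Only the first sample is denied. The last one passes because the query string follows the extension, so it is worth testing the lists against the attachment URLs your webmail services actually use.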