Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid2 - problem blocking user agent because ; is not allowed

    pfSense Packages
    1
    2
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      Nachtfalke
      last edited by

      Hi,

      I am using squid2 and squidguard. Actually there is a security hole in Internet Explorer 8 and so I want to block this special browser and version. I do not want to block IE9 or IE10. Now I have the problem that the custom options in squid GUI do not allow me to use a  ;  because this will make a new line. Further I am not 100% sure if my squid syntax is correct.

      At the moment I have the problem that all versions of IE will be blocked.

      Here it is:

      
##### Create ACL which identifies IE8;
acl block_internet_explorer browser MSIE 8\.0;
;
##### Whitelist some source IPs and subnets;
acl browsers_allowed_src src 172.17.252.0/22 172.17.64.0/22 172.17.0.21/32 172.17.0.22/32 172.17.0.23/32;
;
##### First place the ACL to allow the subnets;
http_access allow browsers_allowed_src block_internet_explorer;
;
##### Now the ACL which should block IE8 for all others;
http_access deny block_internet_explorer;

      This is the exact code I put in squid custom options GUI. Remember that  ;  makes a new line.
      I got the user agent strings from here:
      http://www.useragentstring.com/pages/Internet%20Explorer/

      Anyone who could help me?

      For curiosity it is now working even if I did not change anything. Perhaps it took some time to take effect !?

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        Don't know what happend but nothing on may custom options code but now again all internet explorer versions are blocked. Can someone help me on this how to block user agent only for some source subnets but not for all ?

        I appreciate your help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.