Re: Using Debian / iptables to block outbound MSIE via headers?
Karsten M. Self wrote:
> Are there any tools which can block outbound web traffic via headers?
> I've taken steps to minimize users' use of MSIE, but it's still possible
> to acccess it on desktops
> I pretty clearly can't stop 'em at the desktop. I suspect I can block
> the traffic via the header (user-agent string). Any tools for doing
> this specifically?
IPTables patch-o-matic has the capability to match on arbitrary strings in
packets, but you're probably better off with something that can decode the
entire HTTP request before matching.
I don't know of any tool that just blocks certain browsers, but Squid has a
browser acl you could use for this purpose.
Beware, though - if you have Opera users that need to masquerade as MSIE to
use certain broken sites, they could get blocked as well.
Adam
Reply to: