on Fri, Jul 09, 2004 at 04:52:30PM -0400, Adam Aube (aaube01@baker.edu) wrote:
> Karsten M. Self wrote:
>
> > Are there any tools which can block outbound web traffic via headers?
>
> > I've taken steps to minimize users' use of MSIE, but it's still possible
> > to acccess it on desktops
>
> > I pretty clearly can't stop 'em at the desktop. I suspect I can block
> > the traffic via the header (user-agent string). Any tools for doing
> > this specifically?
>
> IPTables patch-o-matic has the capability to match on arbitrary strings in
> packets, but you're probably better off with something that can decode the
> entire HTTP request before matching.
>
> I don't know of any tool that just blocks certain browsers, but Squid has a
> browser acl you could use for this purpose.
Right. There's a recent list post addressing just this.
> Beware, though - if you have Opera users that need to masquerade as MSIE to
> use certain broken sites, they could get blocked as well.
Not a problem here. I know the client side and control it.
I can also rewrite headers on the proxy if it's necessary to spoof, but
it should't be. Even Reuters is now apparently fixing their crap.
http://twiki.iwethey.org/Main/UserAgentString
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Reject EU Software Patents! http://swpat.ffii.org/
Attachment:
signature.asc
Description: Digital signature