From: SourceForge.net <no...@so...> - 2007-03-22 14:34:31
Support Requests item #1685846, was opened at 2007-03-22 09:35
Message generated for change (Comment added) made by fabiankeil
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=211118&aid=1685846&group_id=11118

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: configuration
Group: None
Status: Pending
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: trustfile implementation - whitelist

Initial Comment:
I have a requirement for restricting access to an intranet. Effectively, I want to whitelist access to about 20 pages on this intranet and blacklist everything else. This is being done to allow certain information out to a group of semi-trusted people, but not allow complete intranet access.

I have attempted to simulate this by using Privoxy on my local PC and implementing the trustfile, which seemed like the right approach. The outcome I am looking for is that only the pages I want to be made available can be retrieved through a browser and navigating to anywhere else is blocked. Many of the pages I want to whitelist are parts of web sites (not complete sites), where I want to allow some but not all pages on the site. Attempts to access other pages would be returned with a custom 'page not found' error.

However, that is not the effect I am getting. Most everything I specified to be whitelisted by Privoxy is being blocked - I'm wondering if that is because I am not specifying whole sites. For example I enter ~http://myinternaldomain.com/this-site/index.htm) but that page is blocked by Privoxy. If I comment out the trustfile, Privoxy works very well.

I'm using version 3.06 on Windows XP with Firefox.

Any ideas, anyone?

Thanks in advance
mac...@ma...
----------------------------------------------------------------------

>Comment By: Fabian Keil (fabiankeil)
Date: 2007-03-22 14:34

Message:
Logged In: YES
user_id=875547
Originator: NO

I second Hal's recommendation to use blocks instead. The trust file only has an advantage if you intend to use trusted referrers. Most of the time that's a bad idea, as it allows any person with basic computer skills and access to curl or a similar tool to add "trusted" hosts to your white list.

The new config option Hal mentioned is called "enforce-blocks". If you have to recompile Privoxy anyway, you might as well use the latest CVS version. It will also allow you to use Privoxy as an intercepting proxy (in combination with a packet filter).

Additionally you probably want to set "enable-remote-toggle" and "enable-edit-actions" to zero.

----------------------------------------------------------------------

Comment By: Hal Burgiss (hal9)
Date: 2007-03-22 11:02

Message:
Logged In: YES
user_id=322640
Originator: NO

I believe the trustfile is going to work per domain and not per file/page. I would try the block feature instead, which is much more flexible:

{+block}
/ #block everything

{-block}
# list specific unblock exceptions here
example.com/page1.html

There are ways around these blocks in a default installation. You can make it much more tight by building from source and disabling certain features. Also, I think Fabian has just put some new block-related features into cvs that can be enabled through config file changes (rather than compiling/rebuilding from source).

----------------------------------------------------------------------
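
An added example, not part of the original thread and not Privoxy's own code: a small Python check of a Privoxy main config for the settings named in the comments above (enforce-blocks, enable-remote-toggle, enable-edit-actions, and use of a trustfile). Both sample configs are constructed, and reporting an unset directive as a finding is an assumption made here because defaults differ between versions.

```python
# Added example: audit a Privoxy main config for the settings named in this thread.
# Directive names are from the thread; both sample configs below are constructed.
RECOMMENDED = {"enforce-blocks": "1", "enable-remote-toggle": "0", "enable-edit-actions": "0"}


def parse_config(text):
    """Return {directive: [values]} from config text, dropping '#' comments.
    Simplification: escaped '\\#' characters are not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), []).append(value)
    return settings


def audit(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    settings = parse_config(text)
    findings = []
    for key, wanted in RECOMMENDED.items():
        values = settings.get(key)
        if values is None:
            # Assumption: defaults vary by version, so require an explicit setting.
            findings.append(f"{key}: not set explicitly (want {wanted})")
        elif values[-1] != wanted:  # assumption: the last occurrence takes effect
            findings.append(f"{key}: is {values[-1]} (want {wanted})")
    for path in settings.get("trustfile", []):
        findings.append(f"trustfile: enabled ({path}); trusted referrers can extend the whitelist")
    return sorted(findings)


WEAK = """
trustfile trust   # referrer-based whitelist
enable-remote-toggle 1
enable-edit-actions 1
"""
HARDENED = """
actionsfile whitelist.action
enforce-blocks 1
enable-remote-toggle 0
enable-edit-actions 0
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```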