Hey all,
I got this idea about making users in my network aware of phishing attacks "en.wikipedia.org/wiki/Phishing"
so i got a list containing phishing websites, then i defined ACL that's block POST requests.
so the scenario as follows .. user enter the phishing website .. then he fill the form and when hey try to submit .. a blocking page will show up and tell him he was under phishing attack.
this is screenshot of the blocking message
http://dl.dropbox.com/u/196664/Screenshot-10.png
So, everything worked as i planned .. except for websites that uses HTTP GET method !
And if i blocked GET method .. the whole website will not be loaded from the first time.
i tried to analysis Squid access.log to find a way to block them ,, but i couldn't
this is my ACL in squid.conf
--
#phishing access
acl phishing dstdomain "/etc/squid/phishing-sites"
acl http_method method POST
Phishing Sites
http_access deny phishing http_method
--
Anyone got an idea ?
Regards,