Squid and blocking GET HTTP method for phishing purpose

abdulrhman · 03-15-2011, 10:11 AM

Hey all,

I got this idea about making users in my network aware of phishing attacks "en.wikipedia.org/wiki/Phishing"

so i got a list containing phishing websites, then i defined ACL that's block POST requests.

so the scenario as follows .. user enter the phishing website .. then he fill the form and when hey try to submit .. a blocking page will show up and tell him he was under phishing attack.

this is screenshot of the blocking message

http://dl.dropbox.com/u/196664/Screenshot-10.png

So, everything worked as i planned .. except for websites that uses HTTP GET method !

And if i blocked GET method .. the whole website will not be loaded from the first time.

i tried to analysis Squid access.log to find a way to block them ,, but i couldn't

this is my ACL in squid.conf
--

#phishing access
acl phishing dstdomain "/etc/squid/phishing-sites"
acl http_method method POST

Phishing Sites
http_access deny phishing http_method
--

Anyone got an idea ?

Regards,

acid_kewpie · 03-15-2011, 05:17 PM

I'like the idea og blocking posts, but at the same time, if it's a phishing site, why would you want any access to it at all, regardless of the http method?

abdulrhman · 03-15-2011, 06:25 PM

Quote:

Originally Posted by acid_kewpie

I'like the idea og blocking posts, but at the same time, if it's a phishing site, why would you want any access to it at all, regardless of the http method?

I wanna teach the user about phishing. I want to tell he almost be a victim for phishing. so next time he will double check with url and be careful.