On Monday 04 August 2003 21.01, cadu wrote: > Well, I did and I found this: > > 1060022770.350 39667 192.168.0.46 TCP_MISS/200 329 GET > http://iht-d01.icq.com:443/monitor? user1 DIRECT/205.188.213.249 > AIM/HTTP [Accept-Language: pt\r\nAccept: text/html, image/gif, > image/jpeg, *; q=.2, */*; q=.2\r\nUser-Agent: Mozilla/4.0 > (compatible; MSIE 6.0; Win32)\r\nHost: > iht-d01.icq.com\r\nProxy-Connection: Keep-Alive\r\nPragma: > no-cache\r\nProxy-Authorization: Basic > Y2VkdWFyZG86UGlyYVBpcm81Ng==\r\n] [HTTP/1.0 200 OK\r\nDate: Mon, 04 > Aug 2003 18:46:10 GMT\r\nServer: AIM HTTP/1.0 > (aim_http_proxy)\r\nCache-Control: no-cache > no-store\r\nContent-Type: AIM/HTTP\r\nContent-Length: 24\r\n\r] > > Checking this record req_mime_type should work with ^AIM/HTTP$ > By the way I've also tested with ^AIM/HTTP\r\n$ just for sure but > it did not again...
Nope. The request is a GET request and does not have a content-type, as the request does not contain any content (the reply contains content and has a content-type). This request you either need to block by the URL (i.e. dstdoman .icq.com urlpath_regex ^/monitor) acl icq .dstdomain .icq.com acl icq_monitor urlpath_regex ^/monitor http_access deny icq icq_monitor Alternatively you can block the reply by it's reply mime type acl aim_http reply_mime_type -i ^aim/http$ http_reply_access deny aim_http Note the use of http_reply_access instead of http_access here.. reply mime type requires access to the reply data sent by the server which only http_reply_access has. Regards Henrik
