2 files changed, 46 insertions, 0 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index fef9590c..55d4a372 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -225,6 +225,20 @@ function squid_install_command() {
 			$config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist'];
 		}
 	}
+	
+	if(! empty($settingsnac['block_user_agent'])) {
+		if(strstr($settingsnac['block_user_agent'], ",")) {
+			$settingsnac['block_user_agent'] = base64_encode(implode("\n", explode(",", $settingsnac['block_user_agent'])));
+			$config['installedpackages']['squidnac']['config'][0]['block_user_agent'] = $settingsnac['block_user_agent'];
+		}
+	}
+	
+	if(! empty($settingsnac['block_reply_mime_type'])) {
+		if(strstr($settingsnac['block_reply_mime_type'], ",")) {
+			$settingsnac['block_reply_mime_type'] = base64_encode(implode("\n", explode(",", $settingsnac['block_reply_mime_type'])));
+			$config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type'];
+		}
+	}
 		
 	/*Migrate reverse settings*/
 	if (is_array($config['installedpackages']['squidreverse'])){
@@ -1078,6 +1092,8 @@ EOD;
 				'banned_hosts' => 'src',
 				'whitelist' => 'dstdom_regex -i',
 				'blacklist' => 'dstdom_regex -i',
+				'block_user_agent' => 'browser -i',
+				'block_reply_mime_type' => 'rep_mime_type -i',
 	);
 	foreach ($options as $option => $directive) {
 		$contents = sq_text_area_decode($settings[$option]);
@@ -1291,6 +1307,18 @@ function squid_resync_auth() {
 			$conf .= "http_access deny blacklist\n";
 		}
 	}
+	if(! empty($settingsnac['block_user_agent'])) {
+		if (squid_is_valid_acl('block_user_agent')) {
+			$conf .= "# Block access with user agents and browsers\n";
+			$conf .= "http_access deny block_user_agent\n";
+		}
+	}
+	if(! empty($settingsnac['block_reply_mime_type'])) {
+		if (squid_is_valid_acl('block_reply_mime_type')) {
+			$conf .= "# Block access with mime type in the reply\n";
+			$conf .= "http_reply_access deny block_reply_mime_type\n";
+		}
+	}
 
 	$transparent_proxy = ($settingsconfig['transparent_proxy'] == 'on');
 	$auth_method = (($settings['auth_method'] && !$transparent_proxy) ? $settings['auth_method'] : 'none');
diff --git a/config/squid-reverse/squid_nac.xml b/config/squid-reverse/squid_nac.xml
index bc4a278e..659d626f 100644
--- a/config/squid-reverse/squid_nac.xml
+++ b/config/squid-reverse/squid_nac.xml
@@ -139,6 +139,24 @@
 			<encoding>base64</encoding>
 		</field>
 		<field>
+			<fielddescr>Block user agents</fielddescr>
+			<fieldname>block_user_agent</fieldname>
+			<description>Enter each user agent on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
+			<type>textarea</type>
+			<cols>50</cols>
+			<rows>5</rows>
+			<encoding>base64</encoding>
+		</field>
+		<field>
+			<fielddescr>Block MIME types (reply only)</fielddescr>
+			<fieldname>block_reply_mime_type</fieldname>
+			<description>Enter each MIME type on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions. Useful to block javascript (application/x-javascript).</description>
+			<type>textarea</type>
+			<cols>50</cols>
+			<rows>5</rows>
+			<encoding>base64</encoding>
+		</field>
+		<field>
 			<name>Squid Allowed ports</name>
 			<type>listtopic</type>
 		</field>