I did the following, which works fine for me:

acl nimda_block url_regex "/usr/local/squid/etc/nimda_block"
http_access deny nimda_block

The contents of nimda_block:

.*readme.eml*

Hope it helps, looking forward to other solutions as well.
Peter van der Does
Tomas Andershem <tomas.andershem@calldok.com> on 20-09-2001 12:03:47
To: squid-users@squid-cache.org
cc: (bcc: Peter van der Does/VopakShipping-DOR/SHIP/Vopak)
Subject: [squid-users] Nimda Virus problem
Hi, I turn to you in hope of some ideas. Sorry if this has been answered
already, but I haven't been able to find anything about it.
I'm trying to block out the Nimda worm in my Squid proxy server and I'm
having some problems.
I'm running a Linux RH6.2 system with the squid-2.4.STABLE2 package, newly
compiled.
And the browsers I use are IE4.0 - IE5.5.
I have entered an ACL ruleset that looks like this:
acl w1 url_regex eml
acl e1 url_regex -i eml
acl q1 urlpath_regex eml
acl a1 urlpath_regex -i eml
acl r1 urlpath_regex -i \.eml$
acl t1 url_regex -i \.eml$
http_access deny w1
http_access deny e1
http_access deny q1
http_access deny a1
http_access deny r1
http_access deny t1
..
..
more http_access allow rules for clients
..
The real problem I have is that it is passing through the readme.eml.
The access.log file gives me this message, that too looks like it is being
blocked, but it reaches my client just fine.

xxx.xxx.xxx.xxx - - [20/Sep/2001:11:43:33 +0200] "GET http://brooker1.internet42.com/readme.eml HTTP/1.1" 403 1052 TCP_DENIED:NONE

The regexp filters work just fine if I have "eml" in the browser's URL path,
e.g. http://www.anywhere.com/eml
Any ideas would be appreciated.
Tomas Andershem
Received on Thu Sep 20 2001 - 05:24:35 MDT
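
An added example, not part of either message and not Squid code: the script below runs the url_regex patterns from the thread, plus one hypothetical tighter pattern, over constructed sample URLs to show what each "http_access deny" rule would catch. It assumes grep -E matches these patterns the same way Squid's regex matching does.

```shell
#!/bin/sh
# Added example: run url_regex patterns from the thread over constructed URLs.
# Assumption: grep -E (POSIX extended regex, unanchored search) stands in for
# Squid's own regex matching; "-i" mirrors the ACL's case-insensitive flag.

# acl_hits PATTERN URL [-i]: exit status 0 when the pattern matches the URL.
acl_hits() {
    if [ "$3" = "-i" ]; then
        printf '%s\n' "$2" | grep -E -i -q -- "$1"
    else
        printf '%s\n' "$2" | grep -E -q -- "$1"
    fi
}

# Constructed sample URLs; only the first appears in the thread (access.log).
sample_urls() {
    cat <<'EOF'
http://brooker1.internet42.com/readme.eml
http://host.example/README.EML
http://host.example/readme.eml?x=1
http://host.example/readme.em
http://host.example/kremlin.html
EOF
}

# report PATTERN [-i]: show which sample URLs "http_access deny" would catch.
report() {
    printf 'url_regex %s %s\n' "${2:-  }" "$1"
    sample_urls | while IFS= read -r url; do
        if acl_hits "$1" "$url" "$2"; then verdict=DENY; else verdict=pass; fi
        printf '  %-4s %s\n' "$verdict" "$url"
    done
}

report '.*readme.eml*'     # contents of nimda_block (case-sensitive)
report 'eml' -i            # acl e1
report '\.eml$' -i         # acl t1
report '\.eml($|\?)' -i    # hypothetical tighter pattern, not from the thread
```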