The given ACL should block such requests, and does in my tests.
But you may want to add a -i there to make it case insensitive, and to
add ; in addition to ?.
Regards
Henrik Nordström
Squid Hacker
Jorge Cuellar Martinez wrote:
>
> I have a problem with file download blocking... i used to block the
> download of executable files, and multimedia files...
>
> but i have noticed that if you add a question mark and some values,
> you can bypass the acls that denies the access to that files...
>
> example:
> acl mp3 url_regex \.mp3($|\?)
> http_access deny mp3
>
> this URL will be denied by my rule:
> http://www.mp3downloadsite.com/download/aerosmith%20-%20crazy.mp3
> and even this one:
> http://www.mp3downloadsite.com/download/aerosmith%20-%20crazy.mp3?
>
> then if i add a question mark to the url and some values like:
>
> http://www.mp3downloadsite.com/download/aerosmith%20-%20crazy.mp3?bypass=downloadmyfile
>
> squid will serve the file
>
> ¿any comments?
>
>
>
> Jorge Cuéllar.
> Servicio de Administración
> Tributaria
> Seguridad Informática
> Tel: 5483-1105 Extensión
> 7167
> Skytel PIN:5583533
>
>
Received on Tue Oct 23 2001 - 20:54:01 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:05 MST