RE: [squid-users] Deny download .exe files

From: Gerard Eviston <geviston@dont-contact.us>
Date: Wed, 14 Aug 2002 15:56:51 +1000

> -----Original Message-----
> From: Prasanta kumar Panda [mailto:prasanta.kumar@wipro.com]
> Sent: Tuesday, August 13, 2002 4:15 PM
> To: Rajesh; squid-users@squid-cache.org
> Cc: Srinivas
> Subject: RE: [squid-users] Deny download .exe files
>
>
> Hi,
>

Hello

> acl EXE urlpath_regex \.[eE][xX][eE]
> http_access deny EXE
>
> Try to skip POST method from this acl as some site use a .exe file in
> search engine like
> http://site/query.exe?blah..blah

This is a GET, not a POST. Blocking the POST method for this acl will
stop form submissions or other POSTS to urls containing '.exe'.

But you have a good point, using regex acls you have to be careful to
not block urls like:

http://site/query.exe?blah
http://site/query?q=file.exe

while still blocking urls like:

http://site/file.exe
http://site/file.exe?
http://site/download?file.exe

You could try squid-2.5 and the new mime type acls for http_reply_access
or even go one step further and use an external acl helper to match
"Content-Disposition" headers in application/octent-stream replies.

>
> Reg.
> Prasanta
>

Hope this helps

Gerard
Received on Tue Aug 13 2002 - 23:56:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:36 MST