[squid-users] Re: Re: dialer downloads bypassing squid acls

From: Luis Miguel R. <luism@dont-contact.us>
Date: Sat, 17 Jul 2004 01:06:54 +0200

On Friday, July 16, 2004 at 04:13:26, Adam Aube wrote:
> Luis Miguel wrote:
>
> > On Friday, July 16, 2004 at 02:34:28, Adam Aube wrote:
> >> Luis Miguel wrote:
>
> >> > On Friday, July 16, 2004 at 12:06:07, Scott Phalen wrote:
> >> >>> We need a way to filter based on the whole MIME reply header or on
> >> >>> selected MIME fields (filename) to catch these downloads.
>
> >> >> I created an ACL to block by keyword, e.g. "dialerexe". This will block
> >> >> any URL that contains that word in the URL string. If a user attempts
> >> >> to reach a legitimate site with that in the URL I add the site to a
> >> >> "safe url list" file and put that ahead of my keywords ACL.
>
> >> > This is not a valid solution, you can't play cat and mouse all the time.
>
> >> You would have the same problem blocking by file name.
>
> > If you could do a regex based on the MIME filename field or the whole MIME
> > reply header, then you could filter something like "filename=.*\.exe",
> > stopping all .exe downloads, but you can't.
>
> If you want the ability to match on the MIME filename (something like a
> (rep|rep)_mime_name acl), then either write a patch or submit a feature
> request bug. If it means a great deal to your organization, perhaps they
> would consider sponsoring a developer to implement it.
>
I am pointing to "a problem" that I think many people are interested in and
that (IMHO) needs to be addressed.

> >> You have the MIME type from the logs you showed us
> >> (application/octet-stream) - just block that using rep_mime_type and
> >> http_reply_access except for certain whitelisted sites.
>
> > If you block all "application/octet-stream", you destroy the users' web
> > access, blocking all kinds of files; for example, many swf (flash) and css
> > files are downloaded as "application/octet-stream".
>
> CSS files should come across as text/css. Legitimate
> application/octet-stream extensions can be whitelisted.
>
> I know it's not ideal, but AFAIK, that's the best you can do with Squid's
> currently available acls.
>
> Adam

Regards.
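As an added example (not from this thread, and not from the Squid project's own documentation), the two approaches discussed above written out as a squid.conf fragment: Scott's URL keyword ACL with a safe-URL list evaluated ahead of it, and Adam's reply-side block of application/octet-stream with a whitelist of download sites. The file paths, the sample domains and keywords mentioned in the comments, and the surrounding access policy are assumptions.

```squid
# Added example squid.conf fragment (not from this thread or from Squid's docs).
# File paths, sample domains and keywords below are assumptions, not real lists.

# --- Request side: block dialer keywords in the URL, safe-URL list checked first ---
# One regex per line, e.g. ^http://downloads\.example\.com/   (constructed sample)
acl safe_urls url_regex -i "/etc/squid/safe_urls.txt"
# Keywords seen in dialer download URLs, one per line, e.g. dialerexe  (constructed sample)
acl dialer_keywords url_regex -i "/etc/squid/dialer_keywords.txt"

# Order matters: the safe list must be allowed before the keyword deny.
http_access allow safe_urls
http_access deny dialer_keywords
# ... the site's remaining http_access policy (localnet allow, final deny) follows here

# --- Reply side: block application/octet-stream except from whitelisted sites ---
# rep_mime_type is a regex match on the reply's Content-Type header (-i = case-insensitive)
acl octet_stream rep_mime_type -i ^application/octet-stream
# Sites allowed to serve binaries, one per line; a leading dot matches subdomains,
# e.g. .example-vendor.com   (constructed sample)
acl safe_dl_sites dstdomain "/etc/squid/safe_download_sites.txt"

http_reply_access allow safe_dl_sites
http_reply_access deny octet_stream
http_reply_access allow all
```

The caveat raised in the thread applies directly to the reply-side rules: any site that serves swf or css as application/octet-stream will be denied until it is added to the safe download list, so after enabling this watch access.log for TCP_DENIED entries against sites users legitimately need and whitelist them there rather than loosening the octet_stream rule.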
Received on Fri Jul 16 2004 - 17:06:54 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT