RE: [squid-users] trying to block exe files ...

From: Chris Robertson <crobertson@dont-contact.us>
Date: Mon, 16 May 2005 10:44:05 -0800

> -----Original Message-----
> From: Andrey Shorin [mailto:tolsty@tushino.com]
> Sent: Sunday, May 15, 2005 12:07 AM
> To: Chris Robertson
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] trying to block exe files ...
>
>
> Hello Chris,
>
> Friday, May 13, 2005, 21:26:52, Chris Robertson wrote:
>
>>>>>
>>>>>acl blockedfiles url_regex -i \.exe$ \.cab$
>>>>>http_access deny blockedfiles
>>>>>
>>>>>Can anyone please tell me what I've done wrong?
>
>>>>They may be logged in your log file, but be sure that they can never be
>>>>downloaded. Logs just show requests. I didn't see a bug in the URL regex
>>>>command.
>>>>nisa
>
>>> Thanks for that tip ... it does raise another point, though ... How can
>>> I tell from the logs if the download actually occurred? If I have valid
>>> file size information, is that an indication that the download actually
>>> occurred?
>
> The indication is some of TCP_MISS, TCP_REFRESH_MISS etc. status of
> the request.
>
>> There is a small problem with the url_regex, in that sometimes the .exe or
>> .cab file is not downloaded directly. Something like
>> http://files.example.com/download.php?filename=program.exe&path=/files/
>> might be a pipe (as opposed to a redirect) to download an executable.
>> Examples of access.log entries for successful downloads would be helpful.
>
> Look a little further up in the message. The regexps have '$' at the end,
> which means 'end of string'.
>
>> Otherwise, if the request matches an "http_access allow" before the
>> "http_access deny blockedfiles" the download will be successful. That
>> depends entirely on the order of your http_access lines.
>
>> Chris
>
> --
> Best regards,
> Andrey Shorin
>

Hmmm... I guess I wasn't clear with my intended explanation. Upon
reflection, it might have been off-target anyway.

To clarify, are you seeing URLs ending in .exe in the access.log with a 200
status code (e.g. TCP_MISS/200 or TCP_REFRESH_MISS/200)?

Chris
Received on Mon May 16 2005 - 12:44:17 MDT
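
An added example, not part of the original thread: a small Python script that runs the thread's two ACL patterns over constructed access.log lines (Squid's native log layout is assumed) and reports which executable-looking requests were denied, delivered although the ACL matches the URL, or delivered on a URL the ACL does not match. The `LOOSE` review pattern, the function names, the verdict labels and all sample hosts and addresses are assumptions made for illustration.

```python
import re

# The two patterns from the ACL in the thread; "-i" means case-insensitive.
ACL_PATTERNS = [re.compile(p, re.I) for p in (r"\.exe$", r"\.cab$")]
# Assumption (not from the thread): a looser pattern for log review only,
# matching the extension anywhere it is followed by a delimiter or the end.
LOOSE = re.compile(r"\.(exe|cab)([?&#/;]|$)", re.I)

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1116265445.101    812 192.0.2.10 TCP_DENIED/403 1452 GET http://files.example.com/tools/setup.exe - NONE/- text/html
1116265446.202   5310 192.0.2.11 TCP_MISS/200 734003 GET http://files.example.com/download.php?filename=program.exe&path=/files/ - DIRECT/198.51.100.7 application/octet-stream
1116265447.303   4120 192.0.2.12 TCP_MISS/200 901120 GET http://files.example.com/patches/UPDATE.CAB - DIRECT/198.51.100.7 application/octet-stream
1116265448.404     95 192.0.2.10 TCP_HIT/200 2048 GET http://www.example.com/index.html - NONE/- text/html
"""

def classify(line):
    """Return (url, verdict) for an executable-looking request, else None."""
    fields = line.split()
    if len(fields) < 7:
        return None
    code, _, status = fields[3].partition("/")
    url = fields[6]
    if not LOOSE.search(url):
        return None
    acl_match = any(p.search(url) for p in ACL_PATTERNS)
    if code == "TCP_DENIED":
        verdict = "denied"
    elif status == "200":
        # A 200 on a URL the ACL matches points at http_access ordering;
        # a 200 on a URL it does not match points at the pattern itself.
        verdict = "delivered_acl_matches" if acl_match else "delivered_acl_no_match"
    else:
        verdict = "other_status"
    return url, verdict

def review(log_text):
    """Classify every line and keep only the executable-looking requests."""
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    for url, verdict in review(SAMPLE_LOG):
        print(f"{verdict:24} {url}")
```
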
