On Thursday 16 February 2006 12:01, Carlos Zottmann wrote:
> We are successfully blocking the download of executable files with the
> configurations below ... Maybe our users don´t have in IQ above 30 :-)
> Seriously, I don´t have reports of people managing to circumvent it. If
> anyone knows a way, please, let me know, ok?
Two drawbacks:
a) you rely on the content type being sent from the web server
(I can set up an Apache that always sends text/html even for
binary downloads. Web server usually take the suffix of a file
for finding the content type. Many files will get through with
no content type either.)
b) http_reply_access does not work with "dynamic/slow ACLs" like
external ACLs (e.g. you cannot connect that authorization to
LDAP groups - which is a problem when dealing with 5000 users
that are maintained by a help desk department)
Otherwise it might be acceptable.
Christoph
-- ~ ~ ".signature" [Modified] 1 line --100%-- 1,48 AllReceived on Mon Feb 20 2006 - 09:14:18 MST
This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST