On 17.10.06 11:35, Jens Strohschnitter wrote:
> > > is it possbile to configure squid to block any .exe files
> > > for download but allow the download from specific url.
> > > I have blocked all downloads from .exe-files via acl:
> > >
> > > acl exe-users src "/etc/allowed_downloads_exe"
> > > acl exe-files urlpath_regex -i \.exe$
> thanx for the tips. I have added the following lines to squid.conf:
>
> [...]
> acl EXEURLS url_regex "/etc/allowed_exeurls"
> [...]
> http_access allow GET EXEURLS
> [...]
>
> /etc/allowed_exeurls contentes for example:
> www.example.com
> from where any download of exe-files are allowed.
>
> Now it works as I wanted ;-)
why url_regex, if you just compare host names? use dstdom or dstdom_regex
martching regular expressions is very CPU intensive, so it should be avoided
as much as possible.
Even now, it's possible to download through your proxy by using urls like
http://bad.site.com/exefiles/www.example.com/virus.exe
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Boost your system's speed by 500% - DEL C:\WINDOWS\*.*Received on Tue Oct 17 2006 - 04:25:13 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST