The ACL blocks URLs that end with .com
i.e. it blocks a URL which is www.example.com while it does not block www.example.com/index.html
If you change the patterns to include a slash you are fine.
The slash must prevent that domains with .com are matched.
e.g.
..*\.com$ becomes .*\..*/.*\.com$
Marcus
Truth Seeker wrote:
> Hi Techies,
>
> I have an acl which blocks download of file with harmful extension's. like .exe, .bat, .com, etc. This rule is working fine. the following is the details of it;
>
> ### Blocking of Dangerous extensions to certain groups
> acl dangerous_extension urlpath_regex -i "/etc/squid/include-files/dangerous_ext
> ension.squid"
> http_access allow vip_acl dangerous_extension
> http_access allow power_acl dangerous_extension
> http_access allow ultimate_acl dangerous_extension
> http_access allow download_surfers_acl dangerous_extension
> http_access deny dangerous_extension
> deny_info ERR_DANGEROUS_ESTENSIONS dangerous_extension
>
> # cat /etc/squid/include-files/dangerous_extension.squid
> ..*\.exe$
> ..*\.com$
> ..*\.vb$
> ..*\.vbs$
> ..*\.vbe$
> ..*\.cmd$
> ..*\.bat$
> ..*\.ws$
> ..*\.wsf$
> ..*\.scr$
> ..*\.shs$
> ..*\.pif$
> ..*\.hta$
> ..*\.jar$
> ..*\.js$
> ..*\.jse$
> ..*\.lnk$
> ..*\.mov$
> ..*\.3gp$
> ..*\.avi$
> ..*\.rar$
> ..*\.zip$
>
>
>
> If there is a site which redirect traffic to another .com site, will cause to trigger the above rule, which will result in failure of a legitimate request. How can i do a workaround on this issue???
>
> Thanks in Advance...
>
>
> -
> --
> ---
> Always try to find truth!!!
>
> ------------***---------------***--------------***------------
>
> Its always nice to know that people with no understanding of technologies want to evaluate technical professionals based on their own lack of knowledge
>
> ------------***---------------***--------------***------------
>
>
>
>
>
>
Received on Sat Mar 28 2009 - 13:53:44 MDT
This archive was generated by hypermail 2.2.0 : Sat Mar 28 2009 - 12:00:04 MDT