Jens Strohschnitter wrote:
> Hi list,
>
> is it possbile to configure squid to block any .exe files
> for download but allow the download from specific url.
> I have blocked all downloads from .exe-files via acl:
>
> acl exe-users src "/etc/allowed_downloads_exe"
> acl exe-files urlpath_regex -i \.exe$
>
For what it's worth, this rule can be circumvented by appending a ? to
the end of the URL (e.g. http://www.example.com/program.exe is blocked,
but http://www.example.com/program.exe? will allow the download).
Adding an additional block based on rep_mime_type might help some.
> [...]
>
acl dstdomain allowed_exeurls "/etc/allowed_exeurls" # Use url_regex or
urlpath_regex ACLs as appropriate
> http_access allow exe-users exe-files
>
http_access allow allowed_exeurls exe-files
> http_access deny exe-files
>
> But now I want to allow .exe-download for a specified
> url in a file like /etc/allowed_exeurls.
>
> How can I configure squid to work so ? Thx.
>
>
See squid.conf for the format of dstdomain ACLs. See the FAQ
(http://wiki.squid-cache.org/SquidFaq/SquidAcl) for more details on the
relationship between ACLs and http_access rules.
Chris
Received on Mon Oct 16 2006 - 16:37:57 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST