Re: [squid-users] deny downloads

From: Mr. Singh <[email protected]>
Date: Tue, 29 Apr 2003 15:47:19 +0530 (IST)

On Tue, 29 Apr 2003, Rajesh wrote:

> Hi all,
>
> I am forwarding my previous message to the news group again because nobody
> responded to my email.
>
> I want to block users downloading
> any gzip or zip files using their browser. I have the following in my squid.conf
> file:
>
> acl Downloads urlpath_regex \.gz$ \.GZ$ \.zip$ \.ZIP$ \.arj$ \.ARJ$ \.lha$ \.LHA$ \.tgz$ \.TGZ$ \.gzip$ \.GZIP$ \.exe$ \.EXE$
>
> http_access deny Downloads !POST

Check by excluding !POST in the above line.

>
> But it still allows me to download.
>
> Thanks,
> Rajesh.
>
>
> Hi,
>
> Here is my squid config. Please have a look and let me know if I made any
> mistake.
>
> http_port 0.0.0.0:3128
> icp_port 3130
> udp_incoming_address 0.0.0.0
> udp_outgoing_address 255.255.255.255
> cache_peer proxy.ozemail.com.au Parent 8080 3130 no-query default
> cache_peer proxymel.ozemail.com.au Parent 8080 3130
> cache_peer px2.mel.aone.net.au Parent 80 3130
> icp_query_timeout 0
> maximum_icp_query_timeout 2000
> mcast_icp_query_timeout 2000
> dead_peer_timeout 10 seconds
> hierarchy_stoplist cgi-bin
> hierarchy_stoplist ?
> no_cache Deny QUERY
> no_cache Deny NOCACHE
> cache_mem 8388608 bytes
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 2097152 bytes
> minimum_object_size 0 bytes
> maximum_object_size_in_memory 8192 bytes
> ipcache_size 2048
> ipcache_low 90
> ipcache_high 95
> fqdncache_size 1024
> cache_replacement_policy lru
> memory_replacement_policy lru
> cache_dir ufs /mnt/cache 500 16 256
> cache_access_log /opt/local/pkgs/squid-2.5.STABLE1/var/logs/access.log
> cache_log /opt/local/pkgs/squid-2.5.STABLE1/var/logs/cache.log
> cache_store_log none
> emulate_httpd_log on
> log_ip_on_direct on
> mime_table /opt/local/pkgs/squid-2.5.STABLE1/etc/mime.conf
> log_mime_hdrs off
> pid_filename /opt/local/pkgs/squid-2.5.STABLE1/var/logs/squid.pid
> debug_options ALL,1
> log_fqdn off
> client_netmask 255.255.255.255
> ftp_user Squid@
> ftp_list_width 32
> ftp_passive on
> ftp_sanitycheck on
> dns_retransmit_interval 5 seconds
> dns_timeout 300 seconds
> hosts_file /etc/hosts
> diskd_program /opt/local/pkgs/squid-2.5.STABLE1/libexec/
> unlinkd_program /opt/local/pkgs/squid-2.5.STABLE1/libexec/unlinkd
> redirect_program /opt/local/pkgs/squidGuard/bin/squidGuard
> redirect_program -c
> redirect_program /opt/local/pkgs/squidGuard/conf/filter.conf
> redirect_children 20
> redirect_rewrites_host_header on
> auth_param basic
> auth_param basic realm Squid proxy-caching web server
> auth_param basic children 5
> auth_param basic credentialsttl 7200 seconds
> authenticate_cache_garbage_interval 3600 seconds
> authenticate_ttl 3600 seconds
> authenticate_ip_ttl 0 seconds
> wais_relay_port 0
> request_header_max_size 10240 bytes
> request_body_max_size 0 bytes
> refresh_pattern . 0 20% 4320
>
> quick_abort_min 16 KB
> quick_abort_max 16 KB
> quick_abort_pct 95
> negative_ttl 300 seconds
> positive_dns_ttl 21600 seconds
> negative_dns_ttl 300 seconds
> range_offset_limit 0 bytes
> connect_timeout 120 seconds
> peer_connect_timeout 30 seconds
> read_timeout 900 seconds
> request_timeout 300 seconds
> persistent_request_timeout 60 seconds
> client_lifetime 86400 seconds
> half_closed_clients on
> pconn_timeout 120 seconds
> ident_timeout 10 seconds
> shutdown_lifetime 30 seconds
> acl QUERY urlpath_regex cgi-bin
> acl QUERY urlpath_regex \?
> acl NOCACHE url_regex ^http://global.umi.com/
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl ilanet src 172.16.0.4
> acl stealth src 172.16.0.6
> acl to_localhost dst 127.0.0.0/255.0.0.0
> acl SSL_ports port 443
> acl SSL_ports port 563
> acl Safe_ports port 80
> acl Safe_ports port 443
> acl Safe_ports port 21
> acl Safe_ports port 563
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> acl POST method POST
> acl Downloads urlpath_regex \.gz$
> acl Downloads urlpath_regex \.exe$
> acl Downloads urlpath_regex \.zip$
> acl Downloads urlpath_regex \.GZ$
> acl Downloads urlpath_regex \.ZIP$
> acl Downloads urlpath_regex \.arj$
> acl Downloads urlpath_regex \.ARJ$
> acl Downloads urlpath_regex \.lha$
> acl Downloads urlpath_regex \.LHA$
> acl Downloads urlpath_regex \.tgz$
> acl Downloads urlpath_regex \.TGZ$
> acl Downloads urlpath_regex \.gzip$
> acl Downloads urlpath_regex \.GZIP$
> acl Downloads urlpath_regex \.EXE$
> acl our_networks src 172.16.0.0/255.255.0.0
> acl our_networks src 192.168.1.0/255.255.255.0
> acl our_networks src 192.168.2.0/255.255.255.0
> acl our_networks src 192.168.3.0/255.255.255.0
> acl infotrac-custom dstdomain .infotrac-custom.com
> acl infotrac dstdomain infotrac.galegroup.com
> acl austlist dstdomain .lib.adfa.edu.au
> acl webspirs4 dstdomain webspirs4.informit.com.au
> acl 8590 port 8590
> acl bio dstdomain ad.doubleclick.net
> acl reuters dstdomain .business.reuters.com
> acl apt dstdomain .picturethesaurus.gov.au
> acl umi dstdomain .umi.com
> acl proquest dstdomain .proquest.com
> acl local-hosts dstdomain www.sl.nsw.gov.au
> acl local-hosts dstdomain library.sl.nsw.gov.au
> acl dixon-host dstdomain dixon.sl.nsw.gov.au
> acl liac dstdomain .liac.net.au
> acl liac1 dstdomain liac.sl.nsw.gov.au
> acl abs dstdomain www.abs.gov.au
> acl aspect dstdomain www.aspectfinancial.com.au
> acl hwwilson dstdomain vnweb.hwwilson.com
> http_access Allow manager localhost
> http_access Allow manager ilanet
> http_access Allow manager stealth
> http_access Deny manager
> http_access Deny !Safe_ports
> http_access Deny CONNECT !SSL_ports
> http_access Deny Downloads !POST
> http_access Allow our_networks
> http_access Deny all
> http_reply_access Allow all
> icp_access Allow all
> miss_access Allow all
> ident_lookup_access Deny all
> reply_body_max_size 0 Allow all
> cache_mgr webmaster
> cache_effective_user nobody
> cache_effective_group nogroup
> announce_period 31536000 seconds
> announce_host tracker.ircache.net
> announce_port 3131
> httpd_accel_port 80
> httpd_accel_single_host off
> httpd_accel_with_proxy off
> httpd_accel_uses_host_header off
> dns_testnames netscape.com
> dns_testnames internic.net
> dns_testnames nlanr.net
> dns_testnames microsoft.com
> logfile_rotate 10
> append_domain .sl.nsw.gov.au
> tcp_recv_bufsize 0 bytes
> err_html_text
> memory_pools off
> memory_pools_limit 0 bytes
> forwarded_for on
> log_icp_queries on
> icp_hit_stale off
> minimum_direct_hops 4
> minimum_direct_rtt 400
> cachemgr_passwd XXXXXXXXXX all
> store_avg_object_size 6 KB
> store_objects_per_bucket 20
> client_db on
> netdb_low 900
> netdb_high 1000
> netdb_ping_period 300 seconds
> query_icmp off
> test_reachability off
> buffered_logs off
> reload_into_ims off
> always_direct Allow infotrac-custom
> always_direct Allow infotrac
> always_direct Allow austlist
> always_direct Allow webspirs4 8590
> always_direct Allow bio
> always_direct Allow reuters
> always_direct Allow apt
> always_direct Allow umi
> always_direct Allow proquest
> always_direct Allow local-hosts
> always_direct Allow local-hosts
> always_direct Allow dixon-host
> always_direct Allow liac
> always_direct Allow liac1
> always_direct Allow abs
> always_direct Allow aspect
> always_direct Allow hwwilson
> icon_directory /opt/local/pkgs/squid-2.5.STABLE1/share/icons
> error_directory /opt/local/pkgs/squid-2.5.STABLE1/share/errors/English
> minimum_retry_timeout 5 seconds
> maximum_single_addr_tries 3
> as_whois_server whois.ra.net
> wccp_router 0.0.0.0
> wccp_version 4
> wccp_incoming_address 0.0.0.0
> wccp_outgoing_address 255.255.255.255
> incoming_icp_average 6
> incoming_http_average 4
> incoming_dns_average 4
> min_icp_poll_cnt 8
> min_dns_poll_cnt 8
> min_http_poll_cnt 8
> max_open_disk_fds 0
> offline_mode off
> uri_whitespace allow
> nonhierarchical_direct on
> prefer_direct off
> strip_query_terms on
> coredump_dir /opt/local/pkgs/squid-2.5.STABLE1/var/cache
> redirector_bypass off
> ignore_unknown_nameservers on
> client_persistent_connections on
> server_persistent_connections on
> pipeline_prefetch off
> high_response_time_warning 0
> high_page_fault_warning 0
> high_memory_warning 0 bytes
> store_dir_select_algorithm least-load
> ie_refresh off
> vary_ignore_expire off
> sleep_after_fork 0
>
> Thanks,
> Rajesh.
> >Date: Thu, 24 Apr 2003 14:12:35 +1000
> >From: Colin Campbell <sgcccdc@citec.qld.gov.au>
> >To: Rajesh <rajesh@sl.nsw.gov.au>
> >Cc: squid-users@squid-cache.org, Tony.Melia@downsmicro.com.au
> >Subject: Re: [squid-users] deny downloads
> >
> >Hi,
> >
> >On Thu, 24 Apr 2003 13:47:09 +1000 (EST)
> >Rajesh <rajesh@sl.nsw.gov.au> wrote:
> >
> >> Hi,
> >>
> >> I've tried it as
> >>
> >> http_access deny Download, it doesn't work.
> >
> >Based on what's been written previously, it should be:
> >
> > http_access deny Downloads
> >
> >If that doesn't work, maybe your order of http_access lines is biting you. Give
> >us the complete list if you still can't work it out.
> >
> >Colin
> >--
> >Colin Campbell
> >Unix Support/Postmaster/Hostmaster
> >CITEC
> >+61 7 3227 6334
>
>
> Unix System Administrator
> State Library of NSW
> Macquarie Street
> Sydney - 2000
>
> Email: rajesh@sl.nsw.gov.au
> Ph: 02-92731711
>
>
>
> ====================================
> This email and any attachments to it are privileged and confidential. If you
> are not the intended recipient, please notify the sender and delete it. The
> contents of this email are not given or endorsed by the State Library of New
> South Wales unless otherwise indicated by an authorised officer of the
> Library. Copyright law may also apply to the contents of this email.
> ====================================
>
> ------------- End Forwarded Message -------------

-- 
Vimal P. Singh Thoudam
Received on Tue Apr 29 2003 - 06:23:51 MDT
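
How the last three `http_access` lines of the quoted config decide a request, as a simplified Python model added here (not Squid's code and not from the thread): ACLs on one line are ANDed, `!` negates, and the first matching line wins. The sample requests, the client address and the `TIGHT` pattern are constructed assumptions; the redirector and cache peers in the posted config are not modelled.

```python
import ipaddress
import re

# Extensions from the "acl Downloads" lines in the quoted squid.conf.
EXTS = ["gz", "zip", "arj", "lha", "tgz", "gzip", "exe"]
# As posted: case-sensitive, one pattern per spelling, anchored at the end.
POSTED = [re.compile(r"\." + e + "$") for e in EXTS + [e.upper() for e in EXTS]]
# Assumed tightening: ignore case (Squid's -i) and allow a trailing query string.
TIGHT = [re.compile(r"\.(" + "|".join(EXTS) + r")(\?.*)?$", re.IGNORECASE)]
NETS = [ipaddress.ip_network(n) for n in
        ("172.16.0.0/16", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")]
# The last three http_access lines of the quoted config, in their posted order.
RULES = [("deny", ["Downloads", "!POST"]), ("allow", ["our_networks"]),
         ("deny", ["all"])]
# Constructed requests: (method, urlpath). urlpath includes any query string.
SAMPLES = [("GET", "/pub/tool.zip"), ("POST", "/pub/tool.zip"),
           ("GET", "/pub/tool.Zip"), ("GET", "/get/tool.zip?mirror=1"),
           ("GET", "/index.html")]


def make_acls(patterns):
    """Map ACL name -> predicate over a request dict (method, urlpath, src)."""
    return {
        "Downloads": lambda r: any(p.search(r["urlpath"]) for p in patterns),
        "POST": lambda r: r["method"] == "POST",
        "our_networks": lambda r: any(
            ipaddress.ip_address(r["src"]) in n for n in NETS),
        "all": lambda r: True,
    }


def http_access(request, acls, rules=RULES):
    """The first rule whose ACLs all match decides; '!' negates one ACL."""
    for action, names in rules:
        if all(acls[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: the rule list ends with "deny all"


def verdicts(patterns, rules=RULES, src="172.16.0.20"):  # src is constructed
    acls = make_acls(patterns)
    return {(m, p): http_access({"method": m, "urlpath": p, "src": src}, acls, rules)
            for m, p in SAMPLES}


if __name__ == "__main__":
    for label, pats in (("posted", POSTED), ("tight", TIGHT)):
        for req, verdict in verdicts(pats).items():
            print(label, *req, "->", verdict)
```

Passing a reordered rule list to `verdicts` (for example with the `our_networks` allow first) shows the ordering effect Colin Campbell mentions in the quoted reply.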
