Re: [squid-users] user can download blockd file type

From: Merton Campbell Crockett <[email protected]>
Date: Sun, 8 Aug 2004 09:35:53 -0700 (PDT)

The problem is in the regular expression that you are using. The first
half of you dlb.txt definition is correct assuming that any trailing white
space is removed by the browser.

In the second half of your filter definition is incorrect. Like the
period, the question mark has a significance in regular expression pattern
matching. It identifies that the pattern includes one and only one
arbitrary value.

Using your "\.exe?$" expression as an example, the expression would only
block a URL that ends in .exe plus one other character. This is not your
intent. Your intent is to block the URL even when it involves the passing
of HTTP parameters. In this case, you want the following definition.

        \.exe\?.*$

In this case, the match is made on .exe? followed by an arbitrary string
of 0 or more characters.

Merton Campbell Crockett

On Sun, 8 Aug 2004, Kashif Ali wrote:

> i hav blocked some files downloading in my network from squid cache
> my acl is
> acl dlb urlpath_regex -i "/usr/local/squid/etc/dlb.txt"
> acl mim rep_mime_type -i "/usr/local/squid/etc/mim.txt"
> http_access deny dlb
> http_access deny mim
>
> #the dlb.txt
> #-------------------------
> \.cab$
> \.exe$
> \.rm$
> \.mp?$
> \.mpg$
> \.mpeg$
> \.mp3$
> \.wmv$
> \.wma$
> \.mov$
> \.avi$
> \.cab?$
> \.exe?$
> \.rm?$
> \.mp??$
> \.mpg?$
> \.mpeg?$
> \.mp3?$
> \.wmv?$
> \.wma?$
> \.mov?$
> \.avi?$
> ~
> #the mim.txt
> #------------------
> ^application/octet-stream$
> ^application/x-msdownload$
> ^audio/x-pn-realaudio$
> ^audio/mpeg$
> ^audio/x-wav$
> ^video/mpeg$
>
> when any user try to download like http://www.somesites.com/file.exe
> it gives access denyed (wich i want )
> but when a user add ? on end of url like http://www.somesites.com/file.exe?
> the result is squid starts downloading file but with out extantion i want
> to stop downloading from squid when a user add ? sign
> thnx
>

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=work,fax:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard
Received on Sun Aug 08 2004 - 10:38:24 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT