[squid-users] Problem blocking files with urlpath_regex acl

From: <[email protected]>
Date: Tue, 18 Jan 2005 11:39:29 -0000

Hi,

I'm having a few problems trying to block file downloads with Squid. I have
a file called 'restricted_files' with the following contents:

\.7z$
\.7z?
\.7z;
\.ace$
\.ace?
\.ace;
\.arc$
\.arc?
\.arc;
\.arj$
\.arj?
\.arj;
\.bat$
\.bat?
\.bat;
\.b64$
\.b64?
\.b64;
\.bh$
\.bh?
\.bh;
\.bhx$
\.bhx?
\.bhx;
\.bz2$
\.bz2?
\.bz2;
\.cpio$
\.cpio?
\.cpio;
\.deb$
\.deb?
\.deb;
\.gz$
\.gz?
\.gz;
\.gzip$
\.gzip?
\.gzip;
\.hqx$
\.hqx?
\.hqx;
\.iso$
\.iso?
\.iso;
\.jar$
\.jar?
\.jar;
\.lha$
\.lha?
\.lha;
\.lzh$
\.lzh?
\.lzh;
\.mim$
\.mim?
\.mim;
\.mp3$
\.mp3?
\.mp3;
\.ogg$
\.ogg?
\.ogg;
\.rar$
\.rar?
\.rar;
\.rpm$
\.rpm?
\.rpm;
\.tar$
\.tar?
\.tar;
\.taz$
\.taz?
\.taz;
\.tgz$
\.tgz?
\.tgz;
\.torrent$
\.torrent?
\.torrent;
\.tz$
\.tz?
\.tz;
\.uu$
\.uu?
\.uu;
\.uue$
\.uue?
\.uue;
\.wma$
\.wma?
\.wma;
\.xxe$
\.xxe?
\.xxe;
\.z$
\.z?
\.z;
\.zip$
\.zip?
\.zip;
\.zoo$
\.zoo?
\.zoo;

And I have the following setup in my squid.conf:

acl User1 proxy_auth user1
acl User2 proxy_auth user2
acl BlockedDownloads urlpath_regex -i "/usr/local/ITIS/restricted_files"

http_access allow User1
http_access deny BlockedDownloads
http_access allow User2

Now, if I authenticate as user1, I can download all files with no problems.
However, if I authenticate as user2, and browse to - for example -
www.google.co.uk, cache.log is showing that the following URL's are blocked
because they match 'BlockedDownloads':

http://www.google.co.uk/intl/en-uk/images/logo.gif
http://www.google.co.uk/favicon.ico

However, these extensions are not in my list! I notice similar results on
other sites, with files getting blocked that shouldn't be.

Can anyone offer me any help on this?

Cheers,
John

ITIS Holdings plc
www.itisholdings.com

Station House, Stamford New Road
Altrincham, Cheshire WA14 1EP
+44(0)161 927 3600
+44(0)161 929 5074 (fax)

Internet communications are not secure and therefore ITIS Holdings cannot
accept responsibility for the contents of this message. If you wish to
verify that this email is genuine please contact us at the address above.

This email is confidential and is intended only for the named recipient. If
you are not the intended recipient, any dissemination, copying or disclosure
of this message is strictly prohibited. If you have received this email in
error please delete this email and contact us immediately. Any personal
opinions expressed in this email are those of the sender and should not be
taken as being representative of ITIS Holdings plc.
Received on Tue Jan 18 2005 - 04:39:33 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST