RE: [squid-users] Blocking EXE problem??

From: Chris Robertson <[email protected]>
Date: Thu, 10 Feb 2005 15:10:19 -0900

> -----Original Message-----
> From: Justin Hennessy [mailto:jhennessy@mitchamcouncil.sa.gov.au]
> Sent: Thursday, February 10, 2005 2:50 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Blocking EXE problem??
>
>
> Hi all,
>
> I am trying to stop my staff from download EXE files from the
> internet.
>
> The problem is that I have come across a couple of sites that are legit
> that have EXE in the URL.
>
> Here is an example:
>
> http://www.ht.com.au/scripts/xworks.exe?M
>
> I have the following ACLs:
>
> acl ITStaff src IP1 IP2 IP3 etc
> acl POST method post
> acl EXE urlpath_regex \.[eE][xX][eE]
>
> And here is the rule:
>
> http_access deny EXE !POST !ITStaff
>
> Shouldn't that allow the URL with the EXE to display?
>
> Can anyone think of a way to get around this (other than creating a URL
> exception list)?
>
> Thanks,
>
> Justin

Perhaps something like:

acl EXE urlpath_regex -i \.exe$ # Or just add the $ to the end of your EXE
acl above
acl programs rep_mime_type application/octet-stream
http_reply_access deny EXE programs

That will not block requests for anything ending in exe (or EXE or ExE
or...), but should block replies for files ending with .exe of type
application/octet-stream. A request for the above url (...xworks.exe?M) is
currently blocked due to the missing "$" (which matches end of string) on
the end of your regex expression. In addition, the http_access line is
blocking requests that contain .exe unless it's a POST request from an
ITStaff IP address. Usually (but not always) requests with a ? are GETs.

Chris
Received on Thu Feb 10 2005 - 17:10:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST