[squid-users] Re: acl virus1 url_regex http://www/c/winnt/system32/cmd.exe

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 26 Sep 2001 08:24:47 +0200

That you can do, provided the request contains exactly this string (see
access.log).

For this kind of match I would recommend using the urlpath_regex type
to only match against the path excluding requested host name.

In these times I would recommend using

acl virus2 urlpath_regex system32
http_access deny virus2

Yes, this may match somewhat more than intended, but not very likely. It
will however match a rather wide range of IIS exploits.

Regards
Henrik Nordström
Squid Hacker

Edward wrote:
>
> Hi Henrik!
>
> Do you know if this command would work in squid 2.5?
>
> acl virus1 url_regex http://www/c/winnt/system32/cmd.exe
> http_access deny virus1
>
> I have used this line including ^http://www/c/winnt/system32/cmd.exe$ to see
> if I was doing something wrong.
>
> It still would not deny me access. Am I missing something here?
>
> Thank you very much.
>
> Best regards,
>
> Edward Millington. BSc, Network+
> (Network Administrator & Senior Technical Support Technician)
> Cariaccess Communications Ltd.
> Palm Plaza
> Wildey
> St. Michael
> Barbados
> 1-246-430-7435
> Fax : 1-246-431-0170
> edward@cariaccess.com
> www.cariaccess.com
Received on Wed Sep 26 2001 - 00:31:16 MDT
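
The difference between the two ACL types discussed in this thread, as an added example that is not part of either message and is not Squid code: a Python approximation of url_regex (matched against the whole URL) and urlpath_regex (matched against the path only), run over constructed sample URLs. The function names, the sample URLs and the use of Python's re in place of Squid's POSIX regex are assumptions; ignore_case models Squid's -i ACL option.

```python
import re
from urllib.parse import urlsplit

VIRUS1 = r"http://www/c/winnt/system32/cmd.exe"  # url_regex pattern from the question
VIRUS2 = r"system32"                             # urlpath_regex pattern from the reply

# Constructed sample request URLs (not taken from a real access.log).
SAMPLES = [
    "http://www/c/winnt/system32/cmd.exe",              # the exact string in the ACL
    "http://192.0.2.10/c/winnt/system32/cmd.exe",       # same path, different host
    "http://www.example.com/d/winnt/system32/cmd.exe",  # different host and prefix
    "http://192.0.2.10/c/WINNT/System32/cmd.exe",       # same path, different case
    "http://system32.example.net/index.html",           # string only in the host name
    "http://www.example.org/docs/system32-cleanup.html" # benign page, string in path
]

def acl_match(acl_type, pattern, url, ignore_case=False):
    """Approximate one Squid regex ACL test against a request URL."""
    flags = re.IGNORECASE if ignore_case else 0  # Squid regex ACLs are case-sensitive without -i
    if acl_type == "url_regex":
        subject = url                            # scheme, host and path together
    elif acl_type == "urlpath_regex":
        parts = urlsplit(url)
        # Assumption: the query string is treated as part of the URL path.
        subject = parts.path + ("?" + parts.query if parts.query else "")
    else:
        raise ValueError("unsupported ACL type: " + acl_type)
    return re.search(pattern, subject, flags) is not None

def report(urls=SAMPLES):
    """Return (url, virus1, virus2, virus2 with -i) for each URL."""
    return [
        (
            url,
            acl_match("url_regex", VIRUS1, url),
            acl_match("urlpath_regex", VIRUS2, url),
            acl_match("urlpath_regex", VIRUS2, url, ignore_case=True),
        )
        for url in urls
    ]

if __name__ == "__main__":
    print("virus1  virus2  virus2 -i  url")
    for url, v1, v2, v2i in report():
        print(f"{v1!s:<7} {v2!s:<7} {v2i!s:<10} {url}")
```

The virus1 column is true only for the first URL, which is why the rule never fires unless the request names the host exactly as written; the last row shows the over-match on a benign path that the reply accepts as unlikely.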
