[squid-users] Prevent downloading of special types of applications

From: <reymc@dont-contact.us>
Date: Mon, 10 Feb 2003 17:36:39 +0100

Thanks a lot for your answer Robert. I now manage to apply filtering based on
the MIME type.

However, since all embedded scripts do not have the MIME type application/x -
oleobject (which is the MIME type they should have), I do not manage to avoid
downloading of activeX objects.

Does anyone has any idea on how to prevent downloading of ActiveX objects ?

Thanks again for your collaboration !

Marie

> Hi all,
>
> I am using Squid2.5 stable1 and I want to prevent the downloading of some
types
> of applications such as activeX (oleobject is the MIME type of an activeX
> object).
>
> Here is the configuration I used:
>
> ********************************
>
>
> acl trusted_sites srcdomain .microsoft.com
> acl repdangerous_appli rep_mime_type -i ^application/x -oleobject$
>
> http_reply_access allow trusted_sites repdangerous_appli
>
> ********************************
>
> Then, when I request for URL www.microsoft.com, I get an error
message "Access
> denied"
>
> Does anyone know why ?

Yes. You haven't allowed any other traffic.
try:
http_reply_access deny trusted_sites repdangerous_appli
http_reply_access allow all

Also, be sure to test trusted_sites in http_access as well - in squid
2.5 http_reply_access requires 'fast' acl checks, which means that DNS
lookups cannot be done there. (This is fixed in 3.0)

Rob

---------------------------------------------------------------------------
This mail sent through Institut Eurecom Webmail : http://webmail.eurecom.fr
Received on Mon Feb 10 2003 - 09:36:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:17 MST