[squid-users] Re: Re: dialer downloads bypassing squid acls

From: Adam Aube <aaube01@dont-contact.us>
Date: Fri, 16 Jul 2004 16:13:26 -0400

Luis Miguel wrote:

> On Friday, 16 July 2004 at 02:34:28, Adam Aube wrote:
>> Luis Miguel wrote:

>> > On Friday, 16 July 2004 at 12:06:07, Scott Phalen wrote:
>> >>> We need a way to filter based on the whole MIME replied header or on
>> >>> select mime fields (filename) to catch these downloads.

>> >> I created an ACL to block by keyword, e.g. "dialerexe". This will
>> >> block any URL that contains that word in the URL string. If a user
>> >> attempts to reach a legitimate site with that in the URL I add the
>> >> site to a "safe url list" file and put that ahead of my keywords ACL.

>> > This is not a valid solution, you can't play Cat&Mouse all the time.

>> You would have the same problem blocking by file name.

> If you could do regex based on the MIME filename field or the whole mime
> replied header, then you can filter something like "filename=.*\.exe"
> stopping all .exe downloads, but you can't.

If you want the ability to match on the MIME filename (something like a
(rep|rep)_mime_name acl), then either write a patch or submit a feature
request bug. If it means a great deal to your organization, perhaps they
would consider sponsoring a developer to implement it.

>> You have the MIME type from the logs you showed us
>> (application/octet-stream) - just block that using rep_mime_type and
>> http_reply_access except for certain whitelisted sites.

> If you block all "application/octet-stream", you destroy the users' web
> access, blocking all kinds of files, for example many swf (flash) and css
> files are downloaded as "application/octet-stream".

CSS files should come across as text/css. Legitimate
application/octet-stream extensions can be whitelisted.

I know it's not ideal, but AFAIK, that's the best you can do with Squid's
currently available acls.

Adam
Received on Fri Jul 16 2004 - 14:11:17 MDT
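
The rep_mime_type / http_reply_access approach described in the message above, written out as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread; the ACL names, the whitelisted domains and the extension list are placeholders.

```conf
# Added example: ACL names, domains and extensions below are placeholders.

# Squid 2.5 has no built-in "all" ACL; later releases define it themselves.
# Uncomment if your squid.conf does not already define it.
# acl all src 0.0.0.0/0.0.0.0

# Matches the Content-Type header of the reply from the origin server.
acl octet_stream rep_mime_type -i ^application/octet-stream

# Sites trusted to serve binary downloads (placeholder domains).
acl binary_ok_sites dstdomain .example.com .example.org

# File types that some servers label as octet-stream but users still need.
acl binary_ok_ext urlpath_regex -i \.(swf|css)(\?.*)?$

# Order matters: the whitelist entries must come before the deny line.
http_reply_access allow octet_stream binary_ok_sites
http_reply_access allow octet_stream binary_ok_ext
http_reply_access deny octet_stream

# Everything that is not application/octet-stream passes through.
http_reply_access allow all
```

These rules see only the reply's Content-Type and the request URL, so a download whose .exe name appears only in the Content-Disposition filename field is caught by the octet-stream deny line or not at all. The extension whitelist matches on the URL path, which the remote site chooses, so keep it short.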
