Re: [squid-users] .com extension blocking causing blocking of redirecting URL's

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Mon, 30 Mar 2009 10:55:39 +0200

Hello,

please configure your mailer to wrap lines below 80 characters per line.
72 to 75 is usually OK.

Thank you.

On 27.03.09 23:40, Truth Seeker wrote:
> I have an acl which blocks download of file with harmful extension's. like
> .exe, .bat, .com, etc. This rule is working fine. the following is the
> details of it;
...
> acl dangerous_extension urlpath_regex -i "/etc/squid/include-files/dangerous_extension.squid"
...
> # cat /etc/squid/include-files/dangerous_extension.squid
...
> ..*\.com$
...

> If there is a site which redirect traffic to another .com site, will cause
> to trigger the above rule, which will result in failure of a legitimate
> request. How can i do a workaround on this issue???

You apparently mean It's blocking redirects like

http://redirect.to/blablablabl.com

Well, I may tell you that blocking by file extension can be easily avoided.
e.g.
http://download.some.file/blablabl.com?

will prevent the acl from matching.

If you want really avoid downloading of suspect files, try filtering them
with ICAP, 3rd party proxy filters (there are some supportign squid), and
forget those ACL's (note that parsing multiple regular expressions withing
squid may be very ineffective and can cause squid's slowdown).

Otherwise, simply find sites with such redirectors and try explicitly
allowing them. Maybe simple rules like allowing "redir=" would work, but
note the above, this is not good way of blocking dangerous content.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.
Received on Mon Mar 30 2009 - 08:55:44 MDT

This archive was generated by hypermail 2.2.0 : Mon Mar 30 2009 - 12:00:02 MDT