On 14/12/2015 10:39 a.m., Markus wrote:
> Yuri Voinov wrote:
>
>> Think more. ALL ICAP solutions checks content. Diladele is not only solution
>> which checks content.
> [...]
>
>> You really think executable files can have only known extension?
>
>
> My way of thinking was like that:
> instea
On 14/12/2015 3:37 a.m., Patrick Flaherty wrote:
> Without 'dns_v4_first', what is sitting on top of the IPv6 connection
> timeout?
The processing order is:
Select set of potential servers to contact,
DNS lookups [ both A and in parallel],
IP sorting order [v6 first],
TCP connect(2) [
Yuri Voinov wrote:
> Think more. ALL ICAP solutions checks content. Diladele is not only solution
> which checks content.
[...]
> You really think executable files can have only known extension?
My way of thinking was like that:
instead of testing with AV each .exe or .zip file better block it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Finally,
14.12.15 2:22, Markus пишет:
> hi,
> thanks for your help guys. I suspected that ICAP will be necessary.
> but I thought that even ICAP checks it only by the file extension or
> by server response (mime-type). Surprisingly Diladele is abl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
14.12.15 2:22, Markus пишет:
> hi,
> thanks for your help guys. I suspected that ICAP will be necessary.
> but I thought that even ICAP checks it only by the file extension or
> by server response (mime-type). Surprisingly Diladele is able to che
hi,
thanks for your help guys. I suspected that ICAP will be necessary.
but I thought that even ICAP checks it only by the file extension or
by server response (mime-type). Surprisingly Diladele is able to check
the first bytes of file content, which is exactly what I wanted.
On the other hand I do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
For malware checking we have two working (and performance) solutions:
http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/eCAP
No need to block any and all executables i
On 12/13/2015 05:41 AM, Antony Stone wrote:
> On Sunday 13 Dec 2015 at 12:31, Markus wrote:
>
>> I'm trying to protect my internal network against unconsciously
>> downloading executable files (like malware). All users traffic pass
>> through our Squid proxy.
> http://www.techrepublic.com/blog/li
Hello Markus,
Indeed you need to have an ICAP server for example. The one I represent can
"look into first 256 bytes" of the stream to block by real contents as
indicated on
http://docs.diladele.com/administrator_guide_4_3/web_filter/policies/blocking_file_downloads.html.
Of course any other I
On Sunday 13 Dec 2015 at 15:25, Marcio Demetrio Bacci wrote:
> Hi,
>
> What is the best way to free access to a site without going through of the
> Squid Proxy?
Add an exception to the browser proxy configuration - generally most easily
done using a PAC file:
if (dnsDomainIs(host, ".my.bank.co
Hi,
What is the best way to free access to a site without going through of the
Squid Proxy?
There is a bank site that has problem when accessed through a proxy.
Could anyone give me an example?
Thanks,
Márcio
___
squid-users mailing list
squid-users@
Without 'dns_v4_first', what is sitting on top of the IPv6 connection
timeout? Is it a DNS lookup? Regardless of it being IPv6 timing out or IPv6
timing out falling back on IPv4 and having success of a long process to
maybe should be logged as a warning?
Second question, without 'dns_v4_first', wa
On Sunday 13 Dec 2015 at 12:31, Markus wrote:
> I'm trying to protect my internal network against unconsciously
> downloading executable files (like malware). All users traffic pass
> through our Squid proxy.
> So, tell me guys, if there is any solution for this?
http://www.techrepublic.com/blog
I'm wondering if it is possible to detect (and block) certain files by
its header/content like 'MZ' (0d 0a 0d 0a 4d 5a) which is a beginning
of any EXE/DLL file.
Purpose:
I'm trying to protect my internal network against unconsciously
downloading executable files (like malware). All users traffi
14 matches
Mail list logo
