You need an ICAP server intelligent enough to differentiate between the file types. Squid is a proxy and can only deal with the protocol. An ICAP server can deal with the content. C-icap and ecap are a couple options that seem to be available. I havr no experience with either.
On Jun 27, 2017 7:53 AM, "Daniel Rieken" <danielrieke...@gmail.com> wrote: > Hello, > > I would like to block my users from downloading doc- and docm-files, > but not docx. > > So this works fine for me: > /etc/squid3/blockExtensions.acl: > \.doc(\?.*)?$ > \.docm(\?.*)?$ > > acl blockExtensions urlpath_regex -i "/etc/squid3/blockExtensions.acl" > http_access deny blockExtensions > > > But in some cases the URL doesn't contain the extension (e.g. doc). > For URLs like this the above ACL doesn't work: > - http://www.example.org/download.pl?file=wordfile > - http://www.example.org/invoice-5479657415/ > > Here I need to work with mime-types: > acl blockMime rep_mime_type application/msword > acl blockMime rep_mime_type application/vnd.ms-word. > document.macroEnabled.12 > http_reply_access deny blockMime > > This works fine, too. But I see a problem: The mime-type is defined on > the webserver. So the badguy could configure his webserver to serve a > doc-file as application/i.am.not.a.docfile and the above ACL isn't > working anymore. > Is there any way to make squid block doc- and docm files based on the > response-headers file-type? > Or in other words: Is squid able to match the "doc" in the > Content-Disposition header of the response? > > HTTP/1.0 200 OK > Date: Tue, 27 Jun 2017 11:40:57 GMT > Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 > Cache-Control: no-cache, no-store, max-age=0, must-revalidate > Pragma: no-cache > Content-Type: application/baddoc > Content-Disposition: attachment; > filename="gescanntes-Dokument-VPPAW-072-JCD3032.doc" > Content-Transfer-Encoding: binary > X-Powered-By: PHP/5.3.29 > Connection: close > > > Regards, Daniel > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
