On 27/06/17 23:53, Daniel Rieken wrote:
Hello,

I would like to block my users from downloading doc and docm files,
but not docx.

So this works fine for me:
/etc/squid3/blockExtensions.acl:
\.doc(\?.*)?$
\.docm(\?.*)?$

acl blockExtensions urlpath_regex -i "/etc/squid3/blockExtensions.acl"
http_access deny blockExtensions


But in some cases the URL doesn't contain the extension (e.g. doc).
For URLs like this the above ACL doesn't work:
- http://www.example.org/download.pl?file=wordfile
- http://www.example.org/invoice-5479657415/

Here I need to work with mime-types:
acl blockMime rep_mime_type application/msword
acl blockMime rep_mime_type application/vnd.ms-word.document.macroEnabled.12
http_reply_access deny blockMime

This works fine, too. But I see a problem: The mime-type is defined on
the webserver. So the bad guy could configure his webserver to serve a
doc file as application/i.am.not.a.docfile and the above ACL isn't
working anymore.


HTTP contains no concept of "file". That is a human concept. All of what you mention above are the consequences of that difference.

I recommend you drop this concept of "file" from your thinking and concentrate on detecting what HTTP details represent a bad HTTP message. The "file" related things should be dealt with at other layers by other software like AV scanning or as Brendan suggested ICAP payload scanners.


Amos
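As an added illustration of the point above, not code from this thread or from Squid, here is a small Python payload classifier of the kind an ICAP or AV scanner would apply to the response body. It ignores the server-supplied Content-Type entirely and decides from the bytes: the OLE2 container signature for legacy doc files, and for OOXML a zip archive containing word/document.xml, with word/vbaProject.bin marking a macro-enabled docm. The block policy (deny doc and docm, allow docx), the sample responses and the minimal OOXML archives are all constructed for this example and are not real Word documents.

```python
import io
import zipfile

# File signatures (constants constructed for this example):
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy binary Office container (.doc/.xls/.ppt)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm) is a zip archive

# Hypothetical policy mirroring the question: block doc and docm, allow docx.
BLOCKED_KINDS = {"doc", "docm"}


def sniff_kind(body: bytes) -> str:
    """Classify a response body from its bytes alone; the Content-Type header is never consulted."""
    if body.startswith(OLE2_MAGIC):
        return "doc"
    if body.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(body)) as archive:
                names = set(archive.namelist())
        except zipfile.BadZipFile:
            return "other"
        if "word/document.xml" in names:
            # A macro-enabled document carries its VBA project inside the archive.
            return "docm" if "word/vbaProject.bin" in names else "docx"
        return "zip"
    return "other"


def decide(content_type: str, body: bytes) -> dict:
    """Return the verdict together with the header's claim and the sniffed kind, for logging."""
    kind = sniff_kind(body)
    return {
        "claimed": content_type,
        "sniffed": kind,
        "verdict": "deny" if kind in BLOCKED_KINDS else "allow",
    }


def make_ooxml(macro: bool) -> bytes:
    """Build a minimal constructed OOXML-shaped archive (not a real Word file) for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if macro:
            archive.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed responses: (Content-Type as sent by the server, body bytes).
SAMPLES = {
    "honest-doc": ("application/msword", OLE2_MAGIC + b"\x00" * 504),
    "lying-doc": ("application/i.am.not.a.docfile", OLE2_MAGIC + b"\x00" * 504),
    "docm": ("application/octet-stream", make_ooxml(macro=True)),
    "docx": ("application/msword", make_ooxml(macro=False)),
    "html": ("text/html", b"<html><body>hi</body></html>"),
}

if __name__ == "__main__":
    for name, (ctype, body) in SAMPLES.items():
        print(name, decide(ctype, body))
```

The "lying-doc" sample is the case from the question: the header says application/i.am.not.a.docfile, so a rep_mime_type ACL passes it, but the body is still denied because the classifier looks at the OLE2 signature. Conversely "docx" is allowed even though the server labelled it application/msword, which is exactly why this kind of check belongs in a payload scanner rather than in a header-matching ACL.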
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users