[squid-users] Re: Re: dialer downloads bypassing squid acls

2004-07-16 Thread Luis Miguel R.
On Friday, 16 July 2004 at 04:13:26, Adam Aube wrote:
> Luis Miguel wrote:
> 
> > On Friday, 16 July 2004 at 02:34:28, Adam Aube wrote:
> >> Luis Miguel wrote:
> 
> >> > On Friday, 16 July 2004 at 12:06:07, Scott Phalen wrote:
> >> >>> We need a way to filter based on the whole MIME replied header or on
> >> >>> select mime fields (filename) to catch these downloads.
> 
> >> >> I created an ACL to block by keyword, e.g. "dialerexe".  This will
> >> >> block any URL that contains that word in the URL string.  If a user
> >> >> attempts to reach a legitimate site with that in the URL I add the
> >> >> site to a "safe url list" file and put that ahead of my keywords ACL.
> 
> >> > This is not a valid solution, you can't play Cat&Mouse all the time.
> 
> >> You would have the same problem blocking by file name.
> 
> > If you could do regex based on the MIME filename field or the whole mime
> > replied header, then you can filter something like "filename=.*\.exe"
> > stopping all .exe downloads, but you can't.
> 
> If you want the ability to match on the MIME filename (something like a
> (rep|rep)_mime_name acl), then either write a patch or submit a feature
> request bug. If it means a great deal to your organization, perhaps they
> would consider sponsoring a developer to implement it.
> 
I am pointing to "a problem" that I think many people are interested in and
that (IMHO) needs to be addressed.

> >> You have the MIME type from the logs you showed us
> >> (application/octet-stream) - just block that using rep_mime_type and
> >> http_reply_access except for certain whitelisted sites.
> 
> > If you block all "application/octet-stream", you destroy the users' web
> > access, blocking all kinds of files, for example many swf (flash) and css
> > files are downloaded as "application/octet-stream".
> 
> CSS files should come across as text/css. Legitimate
> application/octet-stream extensions can be whitelisted.
> 
> I know it's not ideal, but AFAIK, that's the best you can do with Squid's
> currently available acls.
> 
> Adam

Regards.
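
The two approaches discussed in this thread (the URL keyword block with a safe list, and the reply MIME-type block with whitelists), written out as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread; the ACL names, file paths and the swf/css extension list are assumptions.

```conf
# squid.conf fragment (constructed example; ACL names and paths are assumptions)

# --- Request phase: keyword block with a safe list ---------------------
# One domain per line; sites that legitimately carry the keyword in URLs.
acl safe_urls dstdomain "/etc/squid/safe_urls.txt"

# Case-insensitive match anywhere in the requested URL.
acl dialer_keywords url_regex -i dialerexe

# Exempt the safe list inside the deny rule itself. A separate
# "http_access allow safe_urls" placed ahead of it would also skip every
# later http_access rule (client restrictions included) for those sites.
http_access deny dialer_keywords !safe_urls

# --- Reply phase: MIME type block with whitelists -----------------------
# rep_mime_type is evaluated against the Content-Type of the reply, so it
# only works in http_reply_access, after the origin server has answered.
acl octet_stream rep_mime_type -i ^application/octet-stream

# Sites trusted to serve application/octet-stream.
acl octet_ok_sites dstdomain "/etc/squid/octet_ok_sites.txt"

# Extensions that are often mislabelled as application/octet-stream.
# This matches the request URL path, not the filename in the reply header.
acl octet_ok_ext urlpath_regex -i \.(swf|css)(\?.*)?$

# Deny only when the reply is octet-stream AND neither exception applies.
http_reply_access deny octet_stream !octet_ok_sites !octet_ok_ext
http_reply_access allow all
```

Neither rule inspects the filename carried in the reply header, which is the gap the thread is about: a download whose URL has no telling keyword or extension is stopped only by the MIME-type rule.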


Re: [squid-users] Re: dialer downloads bypassing squid acls

2004-07-16 Thread Luis Miguel R.
On Friday, 16 July 2004 at 02:25:00, Scott Phalen wrote:
> Something like dansguardian might do the trick.
> 

This is a response from Henrik Nordstrom on a previous mail message:

-
"Is there any way to pass these downloads to the redirector?"

"It is already, but as you noticed there is no way for the redirector to
tell that this is a download. This is because redirectors are called on the
request before it is forwarded, and to know the returned mime type the
request must have been forwarded and the response from the web server seen
by Squid."
-

So a redirector can't be used to block these downloads.


> > If you could do regex based on the MIME filename field or the whole mime
> > replied header, then you can filter something like "filename=.*\.exe"
> > stopping all .exe downloads, but you can't.
> 
> > >You have the MIME type from the logs you showed us
> > >(application/octet-stream) - just block that using rep_mime_type and
> > >http_reply_access except for certain whitelisted sites.
> > >
> 
> >> If you block all "application/octet-stream", you destroy the users' web
> >> access, blocking all kinds of files, for example many swf (flash) and css
> >> files are downloaded as "application/octet-stream".