Hi all,

I'm trying to write rules that will block binary downloads.

What I've written:

acl contenttype1 req_mime_type video audio application/octet-stream \
                 application/x-msdownload application/exe \
                 application/x-exe \
                 application/dos-exe vms/exe application/x-winexe \
                 application/msdos-windows application/x-msdos-program \
                 binary

request_header_access Content-Type deny contenttype1


I checked it with nvidia drivers download, but this rule doesn't work.


$ sudo tcpflow -vvv -c -i bond0 src X.X.X.X
[...]
tcpflow[32412]: 010.012.011.010.03809-010.012.003.001.03128: new flow
010.012.011.010.03809-010.012.003.001.03128: GET http://us.download.nvidia.com/Windows/186.18/186.18_desktop_winxp_32bit_english_whql.exe HTTP/1.1
Host: us.download.nvidia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.10; .NET CLR 2.0.50727; ffco7) Gecko/2009042316 Firefox/3.0.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/186.18/186.18_desktop_winxp_32bit_english_whql.exe
Cookie: s_cc=true; s_nr=1247055367647; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|4A548C4E0000425B-A3A081300001672[CE]


This is the last tcpflow block I obtain, just before the download box pops up on screen (asking me if I want to run or download the binary).


I'm using Squid 3 + squidGuard. Is there any way to make it work properly?

My predecessor wrote rules based on url_regex to do that job on the former proxy, but this filtering is too broad (no URL containing exe at any place is granted).

Thanks for your help (and be tolerant with my poor English level).

--
Erwann Pencreach
Centre Hospitalier de Chaumont, Service Informatique
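
Editor's added example, not part of the original message and not the poster's or the Squid project's own configuration: the posted rule beside a reply-side form. The captured GET above carries no Content-Type header, so a request-side MIME ACL has nothing to match; the ACL name blocked_reply_types is an illustrative assumption.

```conf
# Added example (squid.conf). The ACL name "blocked_reply_types" is illustrative.

# As posted: req_mime_type is a regex test on the Content-Type of the
# client's REQUEST (i.e. an upload body). A plain GET has no Content-Type,
# so the ACL never matches. request_header_access also does not block
# anything: it only strips the named header from forwarded requests.
#acl contenttype1 req_mime_type video audio application/octet-stream ...
#request_header_access Content-Type deny contenttype1

# Reply-side form: rep_mime_type is a regex test on the Content-Type of the
# server's RESPONSE. It has no effect in http_access; it is evaluated only
# in reply rules such as http_reply_access.
# Patterns are anchored so "video" cannot match in the middle of another type.
acl blocked_reply_types rep_mime_type -i ^video/ ^audio/
acl blocked_reply_types rep_mime_type -i ^application/octet-stream
acl blocked_reply_types rep_mime_type -i ^application/x-msdownload
acl blocked_reply_types rep_mime_type -i ^application/exe ^application/x-exe
acl blocked_reply_types rep_mime_type -i ^application/dos-exe ^vms/exe
acl blocked_reply_types rep_mime_type -i ^application/x-winexe
acl blocked_reply_types rep_mime_type -i ^application/msdos-windows
acl blocked_reply_types rep_mime_type -i ^application/x-msdos-program

# Deny matching replies, allow everything else explicitly.
http_reply_access deny blocked_reply_types
http_reply_access allow all
```

The reply's Content-Type is set by the origin server, so this enforces policy against servers that label files honestly and does not catch a binary served under another type. Matching application/octet-stream is broad and will also block non-executable downloads sent with that generic type.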