On Fri, 2005-07-22 at 13:26 +0200, Joop Beris wrote: > So I created an expression list that will cause squidGuard to refuse the most > common dangerous (or timewasting) extensions. The list looks like so: > > \.(exe|com|bat|scr|pif|vbs|ade|adp|chm|cmd|cpl|crt|hlp|hta)$ > \.(inf|ins|isp|jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|reg|sct|)$ > \.(shs|shb|vb|vbe|wcs|wsf|wsh|avi|ram|ra|mov|mp3|wmv|zip|rar)$ > \.(asf|rm|mpg|mpeg|wav)$ > [snip] > However, ever inventive as our users are, they now have found a site that no > longer works because of this expression list. The site uses links such as the > following: > > http://somesite.tld/?menu=1. > > When parsing this url, squidguard finds the last dot, matches it to the > expression list and redirects the user to "Access Denied". This is of course > not desirable.
The problem is in the alternates in the second line, which include an entry which matches "nothing", right before the closing parenthesis. Remove the superfluous pipe character and the pattern should work as expected. To illustrate the problem by way of example: \.(foo|)$ means to match either \.foo$ or \.$ -- David P.C. Wollmann AIM & Yahoo!: converter42 | MSN Messenger: [EMAIL PROTECTED] PGP Fingerprint: 53C8 BF29 9AF0 EEE8 85DB 8D1C 14B1 023E 9079 CAD8 Get free PKCS client and server certificates at http://www.cacert.org/
