> -----Original Message----- > From: Andrey Shorin [mailto:tolsty@xxxxxxxxxxx] > Sent: Sunday, May 15, 2005 12:07 AM > To: Chris Robertson > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: [squid-users] trying to block exe files ... > > > Hello Chris, > > Friday, May 13, 2005, 21:26:52, Chris Robertson wrote: > >>>>> >>>>>acl blockedfiles url_regex -i \.exe$ \.cab$ >>>>>http_access deny blockedfiles >>>>> >>>>>Can anyone please tell me what I've done wrong? > >>>>They maybe loged into ur log file but be sure that they never can be >>>>downloaded. Logs just shows requests. I didn't see bug in Url regex >>>>command. >>>>nisa > >>> Thanks for that tip ... it does raise another point, though ... How can >>> I tell from the logs if the download actually occurred? If I have valid >>> file size information, is that an indication that the download actually >>> occured? > > The indication is some of TCP_MISS, TCP_REFRESH_MISS etc. status of > the request. > >> There is a small problem with the url_regex, in that some times the .exe or >> .cab file is not downloaded directly. Something like >> http://files.example.com/download.php?filename=program.exe&path=/files/ >> might be a pipe (as opposed to a redirect) to download an executable. >> Examples of access.log entries for successful downloads would be helpful. > > Look a little up the message. regexps having '$' at the end which > means 'end of string' > >> Otherwise, if the request matches an "http_access allow" before the >> "http_access deny blockedfiles" the download will be successful. That >> depends entirely on the order of your http_access lines. > >> Chris > > -- > Best regards, > Andrey Shorin > Hmmm... I guess I wasn't clear with my intended explanation. Upon reflection, it might have been off-target anyway. To clarify, are you seeing URLs ending in .exe in the access.log with a 200 status code (e.g. TCP_MISS/200 or TCP_REFRESH_MISS/200)? Chris
