Search squid archive

Re: Blocking downloads based in file extensions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday 16 February 2006 12:01, Carlos Zottmann wrote:
> We are successfully blocking the download of executable files with the
> configurations below ... Maybe our users don´t have in IQ above 30  :-)
> Seriously, I don´t have reports of people managing to circumvent it. If
> anyone knows a way, please, let me know, ok?

Two drawbacks:

a) you rely on the content type being sent from the web server
   (I can set up an Apache that always sends text/html even for
   binary downloads. Web server usually take the suffix of a file
   for finding the content type. Many files will get through with
   no content type either.)
b) http_reply_access does not work with "dynamic/slow ACLs" like
   external ACLs (e.g. you cannot connect that authorization to
   LDAP groups - which is a problem when dealing with 5000 users
   that are maintained by a help desk department)

Otherwise it might be acceptable.

 Christoph
-- 
~
~
".signature" [Modified] 1 line --100%--                1,48         All


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux