* On 18/05/06 09:37 -0300, "Luís Fernando C. Talora" wrote:
| Fellows,
|
| To protect dummy users against themselves, I've put a few rules on my
| Squid server to prevent them from downloading some potentially dangerous
| files by their extensions, such as .exe, .zip, .bat, .scr, and so on. Part
| of the "regex" files for those rules follows:
|
| \.com$
| \.scr$
| \.bat$
| \.pif$
| (...)
|
| However, a user received a mail message with a link to some "virtual
| card" (which was, indeed, some kind of trojan) and I've noticed that
| Squid allowed the user to download the file. The link follows:
|
| http://www.mikes.educv.ro/albums/cartao.scr?4d325356ae47122a6e7b8f1f07cae26d
|
| It is quite impressive how the bad guys create ways to bypass the
| proxy... If the URL does not end with the ".xxx", the rule is easily
| bypassed. So I've tried the following:
|
| \.scr[\?\&]?.*
|
| It worked, but too many pages were blocked by mistake. Then I've thought
| of this:
|
| \.scr$
| \.scr[\?\&]
|
| It probably works, but I didn't try it, and it doesn't seem to be the
| best way to do it (I would need to create two lines for each blocked
| extension). My question is: is there an easier way to do that? I mean, a
| single rule that works in both cases (the file extension followed by the
| "?" - or the "&" - in the middle of the URL or at the end of the URL).

It's time to integrate a true content filter, like Dansguardian[1], which
will (when integrated with an Anti-virus) do real scanning of all content.
Squid can then do what it was born for - caching/proxying.

[1] http://www.dansguardian.org

-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
|\      _,,,---,,_        | Odhiambo Washington    <wash@xxxxxxxxxxxx>
Zzz /,`.-'`'    -.  ;-;;,_   | Wananchi Online Ltd.   www.wananchi.com
|,4-  ) )-,_. ,\ (  `'-'   | Tel: +254 20 313985-9  +254 20 313922
'---''(_/--'  `-'\_)       | GSM: +254 722 743223   +254 733 744121
+======================================================================+

Real programmers don't bring brown-bag lunches. If the vending machine
doesn't sell it, they don't eat it. Vending machines don't sell quiche.
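The question in the quoted mail is whether one regular expression can cover both the "extension at the end of the URL" case and the "extension followed by `?` or `&`" case. The script below is an added illustration, not code from the thread or from Squid: it builds a single pattern of the form `\.(ext1|ext2|...)(?:[?&]|$)` from a list of extensions and checks it against a few constructed URLs, including the over-blocking case that `\.scr[\?\&]?.*` produces (a page whose path merely contains `.scr` as a prefix of a longer word). The URLs, the `BLOCKED_EXTENSIONS` list and the function names are assumptions for the example.

```python
import re

# Extensions to block; taken from the extensions named in the mail (assumed list).
BLOCKED_EXTENSIONS = ["com", "scr", "bat", "pif", "exe", "zip"]


def build_pattern(extensions):
    """Build one regex that matches '.ext' when it is followed by the end of the
    URL, a '?' or a '&'. This is the single-line equivalent of the two rules
    '\\.scr$' and '\\.scr[\\?\\&]' proposed in the mail, generalised to a list."""
    alternation = "|".join(re.escape(e) for e in extensions)
    # (?:[?&]|$) is a non-capturing group: the extension must be immediately
    # followed by a query separator or by the end of the string, nothing else.
    return re.compile(r"\.(?:" + alternation + r")(?:[?&]|$)", re.IGNORECASE)


def build_greedy_pattern(extension):
    """The first attempt from the mail, '\\.scr[\\?\\&]?.*', for comparison.
    Because '[?&]?' is optional and '.*' matches anything, this matches '.scr'
    anywhere in the URL, which is why it over-blocked."""
    return re.compile(r"\." + re.escape(extension) + r"[\?\&]?.*")


BLOCK_RE = build_pattern(BLOCKED_EXTENSIONS)
GREEDY_SCR_RE = build_greedy_pattern("scr")


def is_blocked(url):
    """True if the URL should be denied by the single combined rule."""
    return BLOCK_RE.search(url) is not None


def is_blocked_greedy(url):
    """True if the URL would be denied by the over-broad '\\.scr[\\?\\&]?.*' rule."""
    return GREEDY_SCR_RE.search(url) is not None


# Constructed sample URLs (example.invalid is a reserved name, not a real host).
SAMPLE_URLS = {
    # extension at the very end: caught by the original '\.scr$' style rules
    "http://example.invalid/albums/cartao.scr": True,
    # extension followed by a query string: the case that slipped past '\.scr$'
    "http://example.invalid/albums/cartao.scr?4d325356ae47122a6e7b8f1f07cae26d": True,
    # extension followed by '&' in the middle of a query string
    "http://example.invalid/dl?file=setup.exe&id=42": True,
    # upper-case extension: covered because the pattern is case-insensitive
    "http://example.invalid/x/CARD.SCR?token=1": True,
    # legitimate page whose path contains '.scr' as part of a longer word:
    # must NOT be blocked by the combined rule
    "http://example.invalid/docs/page.screen.html": False,
    # ordinary page with no blocked extension at all
    "http://example.invalid/index.html?lang=en": False,
}


def classify_all(urls=SAMPLE_URLS):
    """Return {url: (blocked_by_combined_rule, blocked_by_greedy_scr_rule)}."""
    return {u: (is_blocked(u), is_blocked_greedy(u)) for u in urls}


if __name__ == "__main__":
    for url, (combined, greedy) in classify_all().items():
        print(f"{combined!s:5} {greedy!s:5} {url}")
```

The first column shows the combined rule, the second the greedy `\.scr[\?\&]?.*` rule; the `.screen.html` line is the one where they differ. In Squid the equivalent is a `url_regex` ACL loaded from a file, for example `acl badext url_regex -i "/etc/squid/badext.regex"` with the generated pattern as its contents; `-i` gives the same case-insensitive matching the script uses. As the reply in the thread notes, extension matching on the URL is only a coarse filter and says nothing about what the response body actually contains.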