Jens Strohschnitter wrote:
Hi list, is it possbile to configure squid to block any .exe files for download but allow the download from specific url. I have blocked all downloads from .exe-files via acl: acl exe-users src "/etc/allowed_downloads_exe" acl exe-files urlpath_regex -i \.exe$
For what it's worth, this rule can be circumvented by appending a ? to the end of the URL (e.g. http://www.example.com/program.exe is blocked, but http://www.example.com/program.exe? will allow the download). Adding an additional block based on rep_mime_type might help some.
[...]
acl dstdomain allowed_exeurls "/etc/allowed_exeurls" # Use url_regex or urlpath_regex ACLs as appropriate
http_access allow exe-users exe-files
http_access allow allowed_exeurls exe-files
http_access deny exe-files But now I want to allow .exe-download for a specified url in a file like /etc/allowed_exeurls. How can I configure squid to work so ? Thx.
See squid.conf for the format of dstdomain ACLs. See the FAQ (http://wiki.squid-cache.org/SquidFaq/SquidAcl) for more details on the relationship between ACLs and http_access rules. Chris
