The ACL blocks URLs that end with .com
i.e. it blocks a URL which is www.example.com while it does not block www.example.com/index.html
If you change the patterns to include a slash you are fine.
The slash must prevent that domains with .com are matched.
e.g.
..*\.com$ becomes .*\..*/.*\.com$
Marcus
Truth Seeker wrote:
Hi Techies,
I have an acl which blocks download of file with harmful extension's. like .exe, .bat, .com, etc. This rule is working fine. the following is the details of it;
### Blocking of Dangerous extensions to certain groups
acl dangerous_extension urlpath_regex -i "/etc/squid/include-files/dangerous_ext
ension.squid"
http_access allow vip_acl dangerous_extension
http_access allow power_acl dangerous_extension
http_access allow ultimate_acl dangerous_extension
http_access allow download_surfers_acl dangerous_extension
http_access deny dangerous_extension
deny_info ERR_DANGEROUS_ESTENSIONS dangerous_extension
# cat /etc/squid/include-files/dangerous_extension.squid
..*\.exe$
..*\.com$
..*\.vb$
..*\.vbs$
..*\.vbe$
..*\.cmd$
..*\.bat$
..*\.ws$
..*\.wsf$
..*\.scr$
..*\.shs$
..*\.pif$
..*\.hta$
..*\.jar$
..*\.js$
..*\.jse$
..*\.lnk$
..*\.mov$
..*\.3gp$
..*\.avi$
..*\.rar$
..*\.zip$
If there is a site which redirect traffic to another .com site, will cause to trigger the above rule, which will result in failure of a legitimate request. How can i do a workaround on this issue???
Thanks in Advance...
-
--
---
Always try to find truth!!!
------------***---------------***--------------***------------
Its always nice to know that people with no understanding of technologies want to evaluate technical professionals based on their own lack of knowledge
------------***---------------***--------------***------------
