From: Marcus Kool <marcus.kool@xxxxxxxxxxxxxxx>
Subject: Re: .com extension blocking causing
blocking of
redirecting URL's To: "Truth Seeker" <truth_seeker_3535@xxxxxxxxx>
Cc: "Squid maillist" <squid-users@xxxxxxxxxxxxxxx>
Date: Saturday, March 28, 2009, 1:53 PM
The ACL blocks URLs that end with
.com
i.e. it blocks a URL which is www.example.com while it does
not block www.example.com/index.html
If you change the patterns to include a slash you are
fine.
The slash must prevent that domains with .com are matched.
e.g.
..*\.com$ becomes .*\..*/.*\.com$
Marcus
Truth Seeker wrote:
Hi Techies,
I have an acl which blocks download of file with
harmful extension's. like .exe, .bat, .com, etc. This rule
is working fine. the following is the details of it;
### Blocking of Dangerous extensions to certain
groups
acl dangerous_extension urlpath_regex -i
"/etc/squid/include-files/dangerous_ext
ension.squid"
http_access allow vip_acl dangerous_extension
http_access allow power_acl dangerous_extension
http_access allow ultimate_acl dangerous_extension
http_access allow download_surfers_acl
dangerous_extension
http_access deny dangerous_extension
deny_info ERR_DANGEROUS_ESTENSIONS
dangerous_extension
# cat
/etc/squid/include-files/dangerous_extension.squid
..*\.exe$
..*\.com$
..*\.vb$
..*\.vbs$
..*\.vbe$
..*\.cmd$
..*\.bat$
..*\.ws$
..*\.wsf$
..*\.scr$
..*\.shs$
..*\.pif$
..*\.hta$
..*\.jar$
..*\..js$
..*\.jse$
..*\.lnk$
..*\.mov$
..*\.3gp$
...*\.avi$
..*\.rar$
..*\.zip$
If there is a site which redirect traffic to another
.com site, will cause to trigger the above rule, which will
result in failure of a legitimate request. How can i do a
workaround on this issue???
Thanks in Advance...
-
--
---
Always try to find truth!!!
------------***---------------***--------------***------------
Its always nice to know that people with no
understanding of technologies want to evaluate technical
professionals based on their own lack of knowledge
------------***---------------***--------------***------------