Re: Allowing downloads from certain sites

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

On 29/06/2012 11:02 p.m., Edmonds Namasenda wrote:
> Shastri, try the below
>
> Assume...
> 1. Preventing Downloads File (nodowns.txt) has the following
> \.msi$
> \.exe$
> \.zip$
> \.etc$
>
> 2. Trusted Sites File (goodsites.txt) has the following
> *.*microsoft*.com*
> *.*windows*.com*
> *.*etc*.com*.com*

WTF? Does regex even accept that?

*.*microsoft*.com*

 ==>   (zero or more 'nothings')(zero or more characters)(the text 
"microsof")(zero or more 't' characters)(any single character)(thetext 
"co")(zero or more 'm' characters)

Don't you mean this?
  \.microsoft\.com
  \.windows\.com
  \.etc\.com\.com


Or perhapse the better version:

  acl goodsites dstdomain .microsoft.com .windows.com .etc.com.com

> 3. Accompanying ACLs for files above
> acl nodowns urlpath_regex -i "/path_to/nodowns.txt" # With quotation marks
> acl goodsites dstdomains -i "/path_to/goodsites.txt" # With quotation marks
>
> 4. Controlling Rule
> http_access deny nodowns !goodsites # Put it above any "allow" rule
>
> The above is my thinking, and I could do with correction.
>
> # Edmonds

Pretty much. The problem is that Chaitanya supplied no details about 
their config. Could be much simpler or much more complicated.

Amos

> On Fri, Jun 29, 2012 at 12:30 PM, Chaitanya Shastri wrote:
> > Hi Amos,
> >
> >     I have acl rules for preventing downloads on client machines. So a
> > client cannot download any file (for example, .exe, .zip .. etc ) on
> > his/her machine.
> > What I want is that all clients should be able to download any type of
> > file from certain trusted domain.
> > In short I want to allow a domain in my squid configuration from which
> > any client can download any type of file.
> >
> > Thanks.
> >
> > On Fri, Jun 29, 2012 at 1:15 PM, Amos Jeffries wrote:
> > > On 29/06/2012 6:10 p.m., Chaitanya Shastri wrote:
> > > > Hi list,
> > > >
> > > >     Is it possible to allow downloads from certain trusted sites?  I
> > > > tried using the url_regex acl to list certain trusted sites from which
> > > > our users can download any file.
> > > >
> > > >     Ex. acl allow_downloads url_regex -i ^http:\/\/example\.com
> > > >           http_reply_access allow allow_downloads localnet  # where
> > > > localnet is my LAN range
> > > >
> > > >     But its not working. Any ideas on how to get it work?
> > > >
> > > > Thanks.
> > >
> > > Any idea what is blocking them from working in the first place?
> > >
> > > Amos