Search squid archive

Re: Block doc documents

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Daniel,

We have something like this - but I am unsure if it is possible to differentiate the doc types you mentioned using first 256 bytes of contents. Also think about zips - may it be your users will be able to pack a file into zip and get through your protection.

See https://docs.diladele.com/administrator_guide_5_1/web_filter/policies/blocking_file_downloads.html

Best regards,
Rafael

-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Daniel Rieken
Sent: Tuesday, June 27, 2017 1:53 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject:  Block doc documents

Hello,

I would like to block my users from downloading doc- and docm-files, but not docx.

So this works fine for me:
/etc/squid3/blockExtensions.acl:
\.doc(\?.*)?$
\.docm(\?.*)?$

acl blockExtensions urlpath_regex -i "/etc/squid3/blockExtensions.acl"
http_access deny blockExtensions


But in some cases the URL doesn't contain the extension (e.g. doc).
For URLs like this the above ACL doesn't work:
- http://www.example.org/download.pl?file=wordfile
- http://www.example.org/invoice-5479657415/

Here I need to work with mime-types:
acl blockMime rep_mime_type application/msword acl blockMime rep_mime_type application/vnd.ms-word.document.macroEnabled.12
http_reply_access deny blockMime

This works fine, too. But I see a problem: The mime-type is defined on the webserver. So the badguy could configure his webserver to serve a doc-file as application/i.am.not.a.docfile and the above ACL isn't working anymore.
Is there any way to make squid block doc- and docm files based on the response-headers file-type?
Or in other words: Is squid able to match the "doc" in the Content-Disposition header of the response?

HTTP/1.0 200 OK
Date: Tue, 27 Jun 2017 11:40:57 GMT
Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Type: application/baddoc
Content-Disposition: attachment;
filename="gescanntes-Dokument-VPPAW-072-JCD3032.doc"
Content-Transfer-Encoding: binary
X-Powered-By: PHP/5.3.29
Connection: close


Regards, Daniel
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux