Hello Daniel,

We have something like this - but I am unsure if it is possible to differentiate the doc types you mentioned using the first 256 bytes of contents. Also think about zips - it may be that your users will be able to pack a file into a zip and get through your protection.

See https://docs.diladele.com/administrator_guide_5_1/web_filter/policies/blocking_file_downloads.html

Best regards,
Rafael

-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Daniel Rieken
Sent: Tuesday, June 27, 2017 1:53 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Block doc documents

Hello,

I would like to block my users from downloading doc- and docm-files, but not docx. So this works fine for me:

/etc/squid3/blockExtensions.acl:
\.doc(\?.*)?$
\.docm(\?.*)?$

acl blockExtensions urlpath_regex -i "/etc/squid3/blockExtensions.acl"
http_access deny blockExtensions

But in some cases the URL doesn't contain the extension (e.g. doc). For URLs like this the above ACL doesn't work:
- http://www.example.org/download.pl?file=wordfile
- http://www.example.org/invoice-5479657415/

Here I need to work with mime-types:

acl blockMime rep_mime_type application/msword
acl blockMime rep_mime_type application/vnd.ms-word.document.macroEnabled.12
http_reply_access deny blockMime

This works fine, too. But I see a problem: The mime-type is defined on the webserver. So the bad guy could configure his webserver to serve a doc-file as application/i.am.not.a.docfile and the above ACL isn't working anymore.

Is there any way to make squid block doc- and docm files based on the response-headers file-type? Or in other words: Is squid able to match the "doc" in the Content-Disposition header of the response?

HTTP/1.0 200 OK
Date: Tue, 27 Jun 2017 11:40:57 GMT
Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Type: application/baddoc
Content-Disposition: attachment; filename="gescanntes-Dokument-VPPAW-072-JCD3032.doc"
Content-Transfer-Encoding: binary
X-Powered-By: PHP/5.3.29
Connection: close

Regards,
Daniel

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
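
Added example, not part of the original messages and not Squid or Diladele code: Python showing what a content-based check like the one discussed in the reply can decide. The leading bytes separate a legacy .doc (OLE2 container) from ZIP-based files, telling .docm from .docx needs the [Content_Types].xml part inside the archive, and a .doc packed into a plain zip is only seen by looking inside. All function names and sample bodies are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # .docx, .docm and ordinary zips
DOCM_TYPE = b"application/vnd.ms-word.document.macroEnabled.main+xml"
DOCX_TYPE = (b"application/vnd.openxmlformats-officedocument"
             b".wordprocessingml.document.main+xml")

def sniff_prefix(prefix: bytes) -> str:
    """Classify from the leading bytes only (e.g. the first 256)."""
    if prefix.startswith(OLE2_MAGIC):
        return "ole2"
    return "zip" if prefix.startswith(ZIP_MAGIC) else "other"

def classify(body: bytes, depth: int = 1) -> str:
    """Classify a whole body; looks `depth` levels into plain zip archives."""
    kind = sniff_prefix(body[:256])
    if kind != "zip":
        return kind
    try:
        with zipfile.ZipFile(io.BytesIO(body)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" in names:   # OOXML package
                types = zf.read("[Content_Types].xml")
                for label, ctype in (("docm", DOCM_TYPE), ("docx", DOCX_TYPE)):
                    if ctype in types:
                        return label
                return "ooxml-other"
            if depth > 0:                        # a file packed into a zip
                inner = {classify(zf.read(n), depth - 1) for n in names}
                for bad in ("ole2", "docm"):
                    if bad in inner:
                        return "zip-containing-" + bad
    except zipfile.BadZipFile:
        return "zip-corrupt"
    return "zip"

def make_zip(name: str, data: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def ooxml(main: bytes) -> bytes:  # minimal package: only the content-types part
    return make_zip("[Content_Types].xml", b'<Override ContentType="' + main + b'"/>')

# Constructed sample bodies, not real documents
DOC = OLE2_MAGIC + b"\x00" * 504
DOCX, DOCM = ooxml(DOCX_TYPE), ooxml(DOCM_TYPE)
WRAPPED = make_zip("invoice.doc", DOC)
```

A production filter would also cap how much decompressed data it reads, since zf.read() inflates the whole member, and the OLE2 signature alone does not distinguish .doc from other legacy Office formats.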