i finally figured out why my blocking of mime types wasn't working
this is my good code now
#allow special URL paths
acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"
#
#deny MIME types
acl mimetype rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
#
http_reply_access allow special_url
http_reply_access deny mimetype
acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"
#
#deny MIME types
acl mimetype rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
#
http_reply_access allow special_url
http_reply_access deny mimetype
in my mime deny its
application/octet-stream
application/x-msi
application/zip
application/x-7z-compressed
application/vnd.ms-cab-compressed
application/x-msi
application/zip
application/x-7z-compressed
application/vnd.ms-cab-compressed
but in my url specials
it contains a mime type that im blocking but now it passes it through as i have put an allow specials before the deny mime types
and when i go to an adobe website to download an exe ie adobe reader dc, it detects it and blocks it as its an exe or octet stream
but then this was in my code aswell
#SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/squid/etc/interceptssl.txt"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/squid/etc/interceptssl.txt"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
and in my "interceptssl.txt" i stupidly put
and this was just allowing me to download the exe acrobat adobe reader, i was going nuts over this but i finally figured it out
thanks all
--
Regards,
Robert K Wild.
Robert K Wild.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
