Re: [squid-users] problems detecting downloads with Squid
On Tue, 16 Mar 2004, Luis Miguel wrote:

> Thanks, it works not allowing this kind of download. Is there any way to pass these downloads to the redirector?

It is already, but as you noticed there is no way for the redirector to tell that this is a download. This is because redirectors are called on the request before it is forwarded, and to know the returned mime type the request must have been forwarded and the response from the web server seen by Squid.

Regards
Henrik
[squid-users] problems detecting downloads with Squid
Hi all,

I am using Squid 2.5.4-3 on Linux, with squidguard as redirector to block all Windows executables. All is working fine except for some webs that bypass Squid: the .exe file doesn't show in the log files and the user can download it using the browser. The only log Squid generates is:

1079005403.984377 192.168.0.167 TCP_MISS/200 3857 GET http://63.217.29.115/connect.php? - DIRECT/63.217.29.115 text/html
1079005404.704544 192.168.0.167 TCP_MISS/200 9924 GET http://63.217.29.115/download.php? - DIRECT/63.217.29.115 application/force-download

but you get the .exe file.

If someone wants to check the URL: http://63.217.29.115/connect.php?did=od-stnd179
Beware, I think the file that is downloaded is some kind of dialer/trojan.

Is there any way to detect this kind of download? Or am I forgetting something?

Greets.
Re: [squid-users] problems detecting downloads with Squid
On Mon, 15 Mar 2004, Luis Miguel wrote:

> Hi all, I am using Squid 2.5.4-3 on Linux, with squidguard as redirector to block all Windows executables. All is working fine except for some webs that bypass Squid: the .exe file doesn't show in the log files and the user can download it using the browser. The only log Squid generates is:
>
> 1079005403.984377 192.168.0.167 TCP_MISS/200 3857 GET http://63.217.29.115/connect.php? - DIRECT/63.217.29.115 text/html
> 1079005404.704544 192.168.0.167 TCP_MISS/200 9924 GET http://63.217.29.115/download.php? - DIRECT/63.217.29.115 application/force-download

You can use the rep_mime_type acl in http_reply_access to block this kind of thing.

Regards
Henrik
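
Added example, not part of the thread and not Squid or squidGuard code: a small access.log audit that lists responses delivered with a download MIME type whose URL gave a request-time extension check nothing to match, which is the gap between what a redirector sees and what a reply-time rule sees. The extension list, the MIME type list and the log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy lists for illustration; adjust to the local blocklist.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".bat")
DOWNLOAD_MIME_TYPES = {"application/force-download",
                       "application/octet-stream",
                       "application/x-msdownload"}

# Constructed access.log lines in Squid's native format (hosts are placeholders).
SAMPLE_LOG = """\
1079100001.120    377 192.0.2.10 TCP_MISS/200 3857 GET http://files.example/connect.php? - DIRECT/198.51.100.7 text/html
1079100002.704    544 192.0.2.10 TCP_MISS/200 9924 GET http://files.example/download.php? - DIRECT/198.51.100.7 application/force-download
1079100003.310     95 192.0.2.11 TCP_DENIED/403 1402 GET http://files.example/setup.exe - NONE/- text/html
1079100004.900    410 192.0.2.12 TCP_MISS/200 51200 GET http://files.example/get?id=7 - DIRECT/198.51.100.7 Application/Octet-Stream
"""


def url_check_blocks(url):
    """Request-time view: only the URL is known, as for a redirector."""
    return urlsplit(url).path.lower().endswith(BLOCKED_EXTENSIONS)


def parse_line(line):
    """Return client, action, URL and reply MIME type, or None if malformed."""
    fields = line.split()
    if len(fields) < 9:
        return None
    # Index from the end so a fused time/elapsed column does not shift fields.
    mime = fields[-1].split(";")[0].lower()
    return {"client": fields[-8], "action": fields[-7],
            "url": fields[-4], "mime": mime}


def missed_downloads(log_text):
    """Entries served with a download MIME type that the URL check let through."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["action"].startswith("TCP_DENIED"):
            continue
        if entry["mime"] in DOWNLOAD_MIME_TYPES and not url_check_blocks(entry["url"]):
            hits.append((entry["client"], entry["url"], entry["mime"]))
    return hits


if __name__ == "__main__":
    for client, url, mime in missed_downloads(SAMPLE_LOG):
        print(f"{client} fetched {url} as {mime}")
```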