Re: [squid-users] filtering by file extension (was: problem with req_mime_type)

Tue, 04 May 2004 11:57:04 -0700

Emilio Casbas wrote:

> [EMAIL PROTECTED] wrote:
>
>> Hello,
>> Building an acl with urlpath_regex, for example to deny downloading .zip files is quite easy, if the downloading is happening from an ftp server.
>> However, preventing to do so from certain http servers can be a bit of a pain.
>> In a link below, there is a zip file:
>> http://www.sveasoft.com/modules/phpBB2/dlman.php?func=select_folder&folder_id=12
>> Clicking on it would result in downloading a zip file named Satori_v2_2.00.8.7sv-pre1.bin.zip.
>> However, Squid logs it as follows:
>> 1083673720.252 30799 195.143.49.115 TCP_MISS/200 3024638 GET http://www.sveasoft.com/modules/phpBB2/dlman.php? - DIRECT/213.242.178.190 application/x-zip-compressed
>> and therefore, this file I wanted to deny with urlpath_regex is passed through.
>> Is it possible to filter such files somehow, and if so, how?
>>
>>
> with the rep_mime_type and http_reply_access acl.


Actually, I can't use rep_mime_type; I don't really want to block downloading certain files, but rather have them scanned for viruses at another proxy (apache + mod_clamav); I thought the syntax would be the same, but as it appears, it is not.

Using rep_mime_type won't do it's task here, as it's too late for a Squid to decide if the file should go through another proxy rather than directly (Squid already has this file downloaded directly).

I can divide my problem into four parts, from the easiest to the most complicated:

We have a file like:

1) file like http://some.server/file.zip

easy to do a match:

acl scan_for_virus urlpath_regex -i \.zip$

and then appropriate always_direct or never_direct.


2) file like http://some.server/file.zip?blah&blah&blah

I bet it's safe to just omit "$" from 1)?

acl scan_for_virus urlpath_regex -i \.zip


3) http://some.server/file%2Ezip

I don't know how to do a match here?

would

acl scan_for_virus urlpath_regex -i \%2Ezip

work?


4) hardest:

http://www.sveasoft.com/modules/phpBB2/dlman.php?func=select_folder&folder_id=12

Clicking on it would result in downloading a zip file named
Satori_v2_2.00.8.7sv-pre1.bin.zip.

Is it possible to pass such files from 4) to another proxy (not to download such files directly)?


-- T.

Reply via email to