Hello,

I use two possibilities to deny downloads:

download-list:
===========

src  downloaduser
{
  userlist /opt/squidGuard/bank/downloaduser/downloaduser
}
dest download
{
  expressionlist /opt/squidGuard/blacklists/downloadexpressions
}

  downloaduser {
        pass  !blacklist !download all
        redirect http://127.0.0.1/cgi-bin/blocked.pl?clientaddr=%a&url=%u&group=%s&user=%i

  }

blacklist is the blacklist definition,

/opt/squidGuard/blacklists/downloadexpressions:

\.(bat|cmd|gz|rpm|shs|tar|rar|tgz|vbs|zip)($|\?)
\.(exe)($|\?$)
\.(ra?m|mid|mpe?g?|mov|movie|qt|avi|dif|dvd?|mpv2|mp3|eml|smi)($|\?)

This list is not too good, because of unknown suffixes: only known suffixes are denied.


suffixlist:
=======

src  suffixuser
{
  userlist /opt/squidGuard/bank/suffixuser/suffixuser
}
dest suffixexpressions
{
  expressionlist /opt/squidGuard/blacklists/suffixexpressions

}

  suffixuser {
        pass !blacklist !download suffixexpressions none
        redirect http://127.0.0.1/cgi-bin/blocked.pl?clientaddr=%a&url=%u&group=%s&user=%i

  }

blacklist is the blacklist definition, download is the download definition

/opt/squidGuard/blacklists/suffixexpressions:
(allowed regular expressions):

:443
\.$
/[^.]*$
[%*+;,_!()�$&?=-][^/]*$
\.(htm|htx|idc|html|shtml|jhtml|phtml|sqhtml|cfm|cnf)($|\?)
\.(doc|ppt|xls|pps|ldb|mda|mdb)($|\?)
\.(sdw|123|wk1|wk2|wk3|wk4|prz|pre|lwp|sam|mwp|smm)($|\?)
\.(ico|bmp|gif|jpg|jpe|jpeg|png|tif|tiff|pcx|xbm|bild)($|\?)
\.(pdf|txt|text|ps|eps|nsf|dll|ivw)($|\?)
\.(wml|xml|xsl|cer|crt|der)($|\?)
\.(php|php3|php4|php5|cgi|pl|tpl|sh)($|\?)
\.(js|jse|jsp|jar|css|class|asp|aspx|swf)($|\?)
\.(mv|de|ssl|csv|do|dll)($|\?)
\.(action)($|\?)
(img\.web\.de/)


The advantage is the fact that there is no possibility to download wrong suffixes like the
Nimda virus (.eml) or other problems. I use the suffix list and there is no problem.

With

\.$
/[^.]*$
[%*+;,_!()�$&?=-][^/]*$

I deny the download of files like domain.country/path/path/filename.suffix

All exceptions like .htm and .html must be defined in the file, too.


Greetings

  Heinz Ahrens
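As an added illustration (not part of the post above and not squidGuard's own code), the following Python script replays the two ACLs from the post against constructed URLs, so the difference between the download denylist and the suffix allowlist can be checked offline. It assumes squidGuard searches each expression anywhere in the full URL, case-insensitively; the one unreadable character in the punctuation class is omitted, and the external "blacklist" destination is treated as empty.

```python
import re

# Suffix allowlist copied from the post (unreadable character dropped).
SUFFIX_ALLOW = [
    r":443",
    r"\.$",
    r"/[^.]*$",
    r"[%*+;,_!()$&?=-][^/]*$",
    r"\.(htm|htx|idc|html|shtml|jhtml|phtml|sqhtml|cfm|cnf)($|\?)",
    r"\.(doc|ppt|xls|pps|ldb|mda|mdb)($|\?)",
    r"\.(pdf|txt|text|ps|eps|nsf|dll|ivw)($|\?)",
    r"\.(php|php3|php4|php5|cgi|pl|tpl|sh)($|\?)",
    r"\.(js|jse|jsp|jar|css|class|asp|aspx|swf)($|\?)",
]
# Download denylist copied from the post.
DOWNLOAD_DENY = [
    r"\.(bat|cmd|gz|rpm|shs|tar|rar|tgz|vbs|zip)($|\?)",
    r"\.(exe)($|\?$)",
    r"\.(ra?m|mid|mpe?g?|mov|movie|qt|avi|dif|dvd?|mpv2|mp3|eml|smi)($|\?)",
]

# Assumption: expressionlist entries are searched anywhere in the URL,
# case-insensitively, as extended regular expressions.
ALLOW_RE = [re.compile(p, re.IGNORECASE) for p in SUFFIX_ALLOW]
DENY_RE = [re.compile(p, re.IGNORECASE) for p in DOWNLOAD_DENY]


def matches(url, regexes):
    return any(r.search(url) for r in regexes)


def decide(url, acl="suffixuser"):
    """Return 'pass' or 'redirect' for a URL under one of the two ACLs.

    downloaduser: pass !blacklist !download all
    suffixuser:   pass !blacklist !download suffixexpressions none
    (the external blacklist is assumed empty here).
    """
    if matches(url, DENY_RE):          # !download: known bad suffix
        return "redirect"
    if acl == "downloaduser":          # all: anything else is allowed
        return "pass"
    if matches(url, ALLOW_RE):         # suffixexpressions: known good
        return "pass"
    return "redirect"                  # none: unknown suffix is denied


if __name__ == "__main__":
    # Constructed sample URLs; the last one shows the unknown-suffix case.
    for u in ["http://www.example.com/docs/report.pdf",
              "http://www.example.com/files/setup.exe",
              "http://www.example.com/archive/payload.xyz"]:
        print(u, decide(u, "downloaduser"), decide(u, "suffixuser"))
```

Because every expression is searched against the whole URL, a hostname such as one ending in ".de" with no path also satisfies the allowlist entry containing "de", which is worth keeping in mind when extending the list.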