LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-20-2006, 11:36 PM   #1
LinuxLuvr
Member
 
Registered: Jan 2004
Location: Tucson, AZ
Distribution: Fedora
Posts: 44

Rep: Reputation: 15
Blocking Executable Files with Squid


I am very new to Squid and having a hard time with blocking executable files. I am using this URL for testing http://www.eicar.com/download/eicar.com
The goal is to be able to block com, exe, etc. files from being downloaded. I have tried this acl:
Code:
acl denyext url_regex "/usr/local/squid/etc/denyext"
http_access deny denyext
I have
Code:
\.com
in the external file. Your help will be greatly appreciated.

Last edited by LinuxLuvr; 03-20-2006 at 11:38 PM.
 
Old 03-23-2006, 07:42 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
I have tried this acl
And? What's the error?
And what if you try "\.com$" (w/o the quotes)?


having a hard time with blocking executable files
To be clear you're not. You're blocking extensions.
 
Old 03-23-2006, 08:54 PM   #3
LinuxLuvr
Member
 
Registered: Jan 2004
Location: Tucson, AZ
Distribution: Fedora
Posts: 44

Original Poster
Rep: Reputation: 15
In answer to your first question, there was no error. I was able to download the file (not a good thing).

As for
Quote:
having a hard time with blocking executable files
To be clear you're not. You're blocking extensions.
I KNOW it is extensions (of executable files when I am done) that I am blocking. I am looking toward the goal not the semantics or minutia. That's not to say I don't appreciate the help. As I said I am new to Squid and will pick up on the 'jargon' the longer I use it I am sure.

In short, thanks again for the help. I actually do have the '$' at the end and it still downloads.

Last edited by LinuxLuvr; 03-23-2006 at 08:59 PM.
 
Old 03-24-2006, 06:49 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
I KNOW it is extensions (of executable files when I am done) that I am blocking. I am looking toward the goal not the semantics or minutia.
It's not a nit. Take for example an image with a WMF payload or downloading a binary as proto://some.site/dump&fileid=001 or reading a page proto://some.site/gif?section=win32&type=exe&search=process%20list. What I'm trying to point at is that extensions don't have to match or relate to contents.


In answer to your first question, there was no error.
Could you post your log/error log for one GET of the EICAR file plus squid conf (w/o the comment lines)?
 
Old 03-25-2006, 05:54 PM   #5
LinuxLuvr
Member
 
Registered: Jan 2004
Location: Tucson, AZ
Distribution: Fedora
Posts: 44

Original Poster
Rep: Reputation: 15
OK. I figured out the problem. As it turned out, it was not the acl. The problem was was with the redirector_access directive. I had it denying the localhost, but not the host IP address. While looking at the log entry for the GET that you requested I noticed that it was denying downloads for localhost.

Thanks for the help!!
 
Old 03-25-2006, 08:41 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
Found it yourself.
Well done.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SQUID for blocking yahoo and msn [inc squid.conf] chrisfirestar Linux - Security 10 03-03-2008 09:33 AM
Squid IP BLOCKING secrets Linux - Networking 4 06-14-2007 11:36 AM
Squid blocking large files ivanatora Linux - Software 1 05-06-2005 01:51 PM
Blocking squid through iptables jomy Linux - Networking 1 12-20-2004 10:24 AM
Squid is blocking me out of one particular website. danielw Linux - Software 0 07-03-2004 12:30 AM


All times are GMT -5. The time now is 04:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration