download restriction over internet access using squid (proxy server)

pankajkarde · 03-20-2007, 04:51 AM

hi friends,
i have a REDHAT centos installed machine on which i have setup the
squid as a proxy server.now with this proxy server i have applied various restrictions over internet access using ACL(acces control
list).
now i want to apply restrictions over the download from internet.

will u please help me to solve this problem?

carl0ski · 03-20-2007, 06:08 AM

Quote:

Originally Posted by pankajkarde

hi friends,
i have a REDHAT centos installed machine on which i have setup the
squid as a proxy server.now with this proxy server i have applied various restrictions over internet access using ACL(acces control
list).
now i want to apply restrictions over the download from internet.

will u please help me to solve this problem?

Please elaberate

What downloads?

a $ sign symbolises a limiter

eg blocking

exe$ will block all url's that end with exe

Will block
www.flex.com/download.exe
www.flex.com/pageexe

will not block
www.flex.com/download.exe?index

[a-z]exe
will catch any letter between a and z followed by exe
eg will catch aexe bexe but not 1exe .exe etc

adding ^ means excluding, is not or inverted

[^a-z]exe
will block .exe 1exe 6exe

and not hexe gexe etc

here are the ones i use
[^a-z]exe[^a-z]
[^a-z]mp3[^a-z]
[^a-z]rm[^a-z]
[^a-z]torrent[^a-z]
[^a-z]vbs[^a-z]
[^a-z]asf[^a-z]
[^a-z]wmv[^a-z]
[^a-z]wma[^a-z]

whese will block file types but not words containing them such as arm hexen torrential sawman?

runnerfrog · 03-20-2007, 11:38 PM

Hi, pankajkarde.

Quote:

now i want to apply restrictions over the download from internet.

carl0ski already answered you what you asked. Have another example just to loose my time

:

ACL's in squid.conf

acl blockedtypereq req_mime_type -i ^application/x-msmetafile$
acl blockedtypereq req_mime_type -i application/x-msmetafile
acl blockedtyperep rep_mime_type -i ^application/x-msmetafile$
acl blockedtyperep rep_mime_type -i application/x-msmetafile

acl denyext url_regex -i \.asx$ \.avi$ \.iso$ \.mp3$ \.mpeg$ \.mpg$ \.qt$ \.ram$ \.rm$ \.wav$ \.wma$ \.wmf$ \.wmv$

In ACL chain, above others in squid.conf:

http_access deny blockedtyperep all
http_access deny blockedtypereq all
http_access deny denyext

And you have the second option, my favourite: adding a content filter like Dansguardian and just editing /etc/dansguardian/bannedextensionslist file.
Cheers.

EDIT: You posted twice!. Read the rules.

pankajkarde · 03-21-2007, 01:01 AM

hi friends,
solution which you have given to me for the download restriction is working fine.
thank you very much.

pankajkarde · 03-21-2007, 01:04 AM

The solution which you have given to me for download restriction is working fine.

thank you very much.