Squid: rep_mime_type or req_mime_type

Palula · 05-13-2010, 08:57 PM

I would like to block some files accessed by the staff in my company and verified that this can be accomplished using mimetypes. So I read on the web that this could do the trick:

1 - Basically create the acl:

Code:

acl mimeblock rep_mime_type -i "\absolute_path\filename"

2 - Create a file in "\absolute_path\filename" that corresponds with all the mimetypes I´d like to block. In example:

Code:

^application/x-pn-mpg$
^application/vnd.ms-powerpoint$
^application/asx$
^application/x-mplayer2$
^application/vnd.ms-asf$
^application/x-msn-messenger$
^application/ymsgr$

^image/mpg$

^video/x-ms-wmv$
^video/mpeg$
^video/mpg$
^video/x-mpg$
^video/mpeg2$
^video/x-mpeg$
^video/x-mpeg2a$
^video/x-ms-asf$
^video/x-ms-asf-plugin$
^video/x-ms-wm$
^video/x-ms-wmx$
^video/x-pn-realvideo$
^video/quicktime$
^video/x-msvideo$
^video/mp4v-es$

^audio/basic$
^audio/x-wav$
^audio/x-mpegurl$
^audio/mpeg$
^audio/x-mpeg$
^audio/mp3$
^audio/x-mp3$
^audio/mpeg3$
^audio/x-mpeg3$
^audio/mpg$
^audio/x-mpg$
^audio/x-mpegaudio$
^audio/x-ms-wma$
^audio/asf$
^audio/vnd.rn-realaudio$
^audio/x-pn-realaudio$
^audio/x-realaudio$
^audio/x-pm-realaudio-plugin$
^audio/x-pn-realvideo$
^audio/x-aiff$
^audio/mp4$

3 - Define the order to put the subsequent line within squid.conf to "execute" the acl:

Code:

http_reply_access deny mimeblock

--------------------------------

3 questions:

1 - Can anybody tell the difference between these squid directives: rep_mime_type & req_mime_type?

2 - Why do all mimetypes start with "^"; and end with "$"?

3 - Is the configuration above making sense to you?

Thank you very much!!!

thecarpy · 05-14-2010, 06:57 PM

1. From what I can see, it should be req_mime_type as well. Makes sense, req being, request and rep_mime_type is for post, methinks. So they cannot download nor upload the specified mime-types. You only block uploads here ... is that what you want?

2. Look up regular expressions ... in regular expressions, ^ means "stating with" and $ means "ending with". A bit like GLOB *blabla and blabla*. You know GLOB, maybe not from the name, when you open a command prompt on Windows, that is what you use ... you know, the ? and * business ... ;-) Oh, and do not look-up regular expressions on Microsoft sites, they tried to implement it in powershell and failed miserably ... LOL.

3. I would not know if this configuration makes sense ... sorry. But I would not like to work at your company ;-).
But it should be

http_reply_access deny mimeblockp
And if you want to stop them from downloading:
acl mimeblock req_mime_type -i "/absolute_path/filename"
http_access deny mimeblockq

About squid, check this out:
http://www.visolve.com/squid/squid24...s_controls.php

And in Linux, you use / and not \ as a path separator ... ;-)

PS: Sorry for the many updates, it's late, I'm tired.... need a beer!