Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
03-20-2006, 11:36 PM
|
#1
|
Member
Registered: Jan 2004
Location: Tucson, AZ
Distribution: Fedora
Posts: 44
Rep:
|
Blocking Executable Files with Squid
I am very new to Squid and having a hard time with blocking executable files. I am using this URL for testing http://www.eicar.com/download/eicar.com
The goal is to be able to block com, exe, etc. files from being downloaded. I have tried this acl:
Code:
acl denyext url_regex "/usr/local/squid/etc/denyext"
http_access deny denyext
I have in the external file. Your help will be greatly appreciated.
Last edited by LinuxLuvr; 03-20-2006 at 11:38 PM.
|
|
|
03-23-2006, 07:42 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
I have tried this acl

And? What's the error?
And what if you try "\.com$" (w/o the quotes)?

Quote:
having a hard time with blocking executable files

To be clear you're not. You're blocking extensions.
|
|
|
03-23-2006, 08:54 PM
|
#3
|
Member
Registered: Jan 2004
Location: Tucson, AZ
Distribution: Fedora
Posts: 44
Original Poster
Rep:
|
In answer to your first question, there was no error. I was able to download the file (not a good thing).
As for
Quote:
having a hard time with blocking executable files
To be clear you're not. You're blocking extensions.
|
I KNOW it is extensions (of executable files when I am done) that I am blocking. I am looking toward the goal not the semantics or minutia. That's not to say I don't appreciate the help. As I said I am new to Squid and will pick up on the 'jargon' the longer I use it I am sure.
In short, thanks again for the help. I actually do have the '$' at the end and it still downloads.
Last edited by LinuxLuvr; 03-23-2006 at 08:59 PM.
|
|
|
03-24-2006, 06:49 AM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
I KNOW it is extensions (of executable files when I am done) that I am blocking. I am looking toward the goal not the semantics or minutia.

It's not a nit. Take for example an image with a WMF payload or downloading a binary as proto://some.site/dump&fileid=001 or reading a page proto://some.site/gif?section=win32&type=exe&search=process%20list. What I'm trying to point at is that extensions don't have to match or relate to contents.

Quote:
In answer to your first question, there was no error.

Could you post your log/error log for one GET of the EICAR file plus squid conf (w/o the comment lines)?
|
|
|
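Added example, not part of the thread and not the poster's configuration: one way to tighten the extension rule from post #1 and to cover URLs like those in post #4 that carry no extension. The ACL names, the pattern-file contents and the MIME type list are constructed for illustration, and the last line assumes the `all` ACL that a stock squid.conf defines.

```squidconf
# Added example. ACL names (denyext_path, exec_mime) and patterns are
# constructed; adjust paths to your install.

# 1. Extension check on the URL path only.
#    url_regex is tested against the whole URL, host name included, so an
#    unanchored \.com pattern would also match every host under .com.
#    urlpath_regex looks only at the path and query string.
#    -i makes the match case-insensitive (EICAR.COM, setup.EXE).
acl denyext_path urlpath_regex -i "/usr/local/squid/etc/denyext"

# Constructed contents of /usr/local/squid/etc/denyext, one regex per line.
# The optional group still matches when a query string follows the name:
#   \.com(\?.*)?$
#   \.exe(\?.*)?$

# http_access rules are evaluated top to bottom and the first match wins,
# so this deny has to sit above the allow rules for your clients.
http_access deny denyext_path

# 2. Reply-side check. A URL such as /dump&fileid=001 has no extension for
#    rule 1 to match, but the reply still carries a Content-Type header.
#    rep_mime_type is evaluated in http_reply_access, after the origin
#    server has answered.
acl exec_mime rep_mime_type -i ^application/x-msdownload
acl exec_mime rep_mime_type -i ^application/x-msdos-program
# Broad: many harmless downloads use this type. Enable only if acceptable.
# acl exec_mime rep_mime_type -i ^application/octet-stream

http_reply_access deny exec_mime
http_reply_access allow all

# Content-Type is chosen by the server, so rule 2 is still a label check,
# not content inspection. Matching on what the file actually contains
# needs a scanner behind the proxy.
```

After a reload (`squid -k reconfigure`), a blocked request shows up in access.log as TCP_DENIED, which is the quickest way to confirm which rule fired.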
03-25-2006, 05:54 PM
|
#5
|
Member
Registered: Jan 2004
Location: Tucson, AZ
Distribution: Fedora
Posts: 44
Original Poster
Rep:
|
OK. I figured out the problem. As it turned out, it was not the acl. The problem was with the redirector_access directive. I had it denying the localhost, but not the host IP address. While looking at the log entry for the GET that you requested I noticed that it was denying downloads for localhost.
Thanks for the help!!
|
|
|
03-25-2006, 08:41 PM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
Found it yourself.
Well done.
|
|
|
All times are GMT -5.