Preventing file downloads with Squid

soumalya · 11-20-2007, 09:32 PM

Sir

in my office i facing a prob in linux internet server running squid.

there is one ip is downloading huge files everyday thats why our download limit is crossed.

i can stop him doing this.

is there any way to stop downloading .exe, .mp3,.rar,.zip,.doc files for ta perticular ip. he can access website but cant download these type file from internet anyway.

thanks in advance

win32sux · 11-20-2007, 09:39 PM

Sure, one way would be to use regular expression ACLs on his IP, like:

Code:

acl bandwidth_hog src 192.168.1.104
acl exe urlpath_regex -i \.exe$
acl mp3 urlpath_regex -i \.mp3$
acl rar urlpath_regex -i \.rar$
acl zip urlpath_regex -i \.zip$
acl doc urlpath_regex -i \.doc$
http_access deny bandwidth_hog exe mp3 rar zip doc

I think you can also specify multiple patterns on a single line, like:

Code:

acl bandwidth_hog src 192.168.1.104
acl bad_extensions urlpath_regex -i \.exe$ \.mp3$ \.rar$ \.zip$ \.doc$
http_access deny bandwidth_hog bad_extensions

Of course, you can also call a separate file with all the extension's expressions in it, like:

Code:

acl bandwidth_hog src 192.168.1.104
acl bad_extensions urlpath_regex -i "/etc/bad-extensions.txt"
http_access deny bandwidth_hog bad_extensions

I don't have access to a Squid box to test at this precise moment so take these examples with a grain of salt.

NOTE: I've edited the thread title, as "squid" is just way too vague.

soumalya · 11-21-2007, 11:09 PM

than you 4 ur reply

i have tried 2nd solution and its working.

can u pls tell me how to write the extensions in bad-extensions.txt in ur 3rd solution.

how to do same think more than one or all ip ?

thanks again

win32sux · 11-22-2007, 02:48 AM

Quote:

Originally Posted by soumalya

can u pls tell me how to write the extensions in bad-extensions.txt in ur 3rd solution.

IIRC, just put one expression per line in the file, like:

Code:

\.exe$
\.mp3$
\.rar$
\.zip$
\.doc$

Quote:

how to do same think more than one or all ip ?

To affect only specific IPs, you can use an ACL for each, like:

Code:

acl bandwidth_hog1 src 192.168.1.104
acl bandwidth_hog2 src 192.168.1.111
acl bandwidth_hog3 src 192.168.1.159
acl bad_extensions urlpath_regex -i \.exe$ \.mp3$ \.rar$ \.zip$ \.doc$
http_access deny bandwidth_hog1 bad_extensions
http_access deny bandwidth_hog2 bad_extensions
http_access deny bandwidth_hog3 bad_extensions

Or you can specify a range of IPs instead, like:

Code:

acl bandwidth_hogs src 192.168.1.110-192.168.1.166
acl bad_extensions urlpath_regex -i \.exe$ \.mp3$ \.rar$ \.zip$ \.doc$
http_access deny bandwidth_hogs bad_extensions

To affect everyone, use the "all" ACL, which should exist by default:

Code:

acl bad_extensions urlpath_regex -i \.exe$ \.mp3$ \.rar$ \.zip$ \.doc$
http_access deny all bad_extensions

soumalya · 11-23-2007, 02:53 AM

thank you Sir.