deny extensions not working for some https

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

deny extensions not working for some https

robert k Wild
so i have made this

#deny extension types
acl exttype urlpath_regex -i "/usr/local/squid/etc/extdeny.txt"
http_access deny exttype

/usr/local/squid/etc/extdeny.txt

\.exe(\?.*)?$
\.msi(\?.*)?$
\.msu(\?.*)?$
\.zip(\?.*)?$
\.iso(\?.*)?$

the majority of websites it works, like 7zip, anydesk, teamviewer etc etc

but when i go on this link below it downloads it and i dont know why


thanks,
rob


--
Regards,

Robert K Wild.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: deny extensions not working for some https

Amos Jeffries
Administrator
On 11/05/20 11:00 am, robert k Wild wrote:

> so i have made this
>
> #deny extension types
> acl exttype urlpath_regex -i "/usr/local/squid/etc/extdeny.txt"
> http_access deny exttype
>
> /usr/local/squid/etc/extdeny.txt
>
> \.exe(\?.*)?$
> \.msi(\?.*)?$
> \.msu(\?.*)?$
> \.zip(\?.*)?$
> \.iso(\?.*)?$
>
> the majority of websites it works, like 7zip, anydesk, teamviewer etc etc
>
> but when i go on this link below it downloads it and i dont know why
>
> https://www.microsoft.com/en-us/download/confirmation.aspx?id=5842
>


Because that URL does not contain any of the forbidden "file type" strings.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: deny extensions not working for some https

robert k Wild
It ends in an iso extension tho or am I wrong? 

On Mon, 11 May 2020, 01:06 Amos Jeffries, <[hidden email]> wrote:
On 11/05/20 11:00 am, robert k Wild wrote:
> so i have made this
>
> #deny extension types
> acl exttype urlpath_regex -i "/usr/local/squid/etc/extdeny.txt"
> http_access deny exttype
>
> /usr/local/squid/etc/extdeny.txt
>
> \.exe(\?.*)?$
> \.msi(\?.*)?$
> \.msu(\?.*)?$
> \.zip(\?.*)?$
> \.iso(\?.*)?$
>
> the majority of websites it works, like 7zip, anydesk, teamviewer etc etc
>
> but when i go on this link below it downloads it and i dont know why
>
> https://www.microsoft.com/en-us/download/confirmation.aspx?id=5842
>


Because that URL does not contain any of the forbidden "file type" strings.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: deny extensions not working for some https

robert k Wild
Sorry I mean when you click that url link it downloads an iso file

Your right that url link ends with

id=5842


On Mon, 11 May 2020, 01:17 robert k Wild, <[hidden email]> wrote:
It ends in an iso extension tho or am I wrong? 

On Mon, 11 May 2020, 01:06 Amos Jeffries, <[hidden email]> wrote:
On 11/05/20 11:00 am, robert k Wild wrote:
> so i have made this
>
> #deny extension types
> acl exttype urlpath_regex -i "/usr/local/squid/etc/extdeny.txt"
> http_access deny exttype
>
> /usr/local/squid/etc/extdeny.txt
>
> \.exe(\?.*)?$
> \.msi(\?.*)?$
> \.msu(\?.*)?$
> \.zip(\?.*)?$
> \.iso(\?.*)?$
>
> the majority of websites it works, like 7zip, anydesk, teamviewer etc etc
>
> but when i go on this link below it downloads it and i dont know why
>
> https://www.microsoft.com/en-us/download/confirmation.aspx?id=5842
>


Because that URL does not contain any of the forbidden "file type" strings.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: deny extensions not working for some https

Amos Jeffries
Administrator
On 11/05/20 12:21 pm, robert k Wild wrote:
> Sorry I mean when you click that url link it downloads an iso file
>
> Your right that url link ends with
>
> id=5842
>

Actually that is ".aspx" - the pattern I gave you ignores the query-string.

There is actually no relationship between file type and URL - it is an
illusion from some sites design. This is why the Content-Type response
header *also* has to be checked.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users