reply_header_access vs rep_mime_type to deny mime types

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

reply_header_access vs rep_mime_type to deny mime types

robert k Wild
hi all,

just want your thoughts on what the best acl is to deny mime types

atm i have this and it works really well

#deny MIME types
acl mimetype rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
http_reply_access deny mimetype

and in my mime file i have this

cat /usr/local/squid/etc/mimedeny.txt
application/octet-stream
application/x-msi
application/zip
application/x-7z-compressed
application/vnd.ms-cab-compressed

would you say i should use the acl "reply_header_access" instead?

thanks,
rob
--
Regards,

Robert K Wild.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_header_access vs rep_mime_type to deny mime types

Amos Jeffries
Administrator
On 26/01/21 1:24 am, robert k Wild wrote:
> hi all,
>
> just want your thoughts on what the best acl is to deny mime types
>

Please explain what you mean by "deny mime types" ...


  Deliver the servers response but without telling the client what data
format it is using ?

  Prevent the servers response being delivered to the client ?


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_header_access vs rep_mime_type to deny mime types

robert k Wild
sorry Amos, i will explain why i use the "rep_mime_type"

so when users go to a website and click on a link to download and if that download is an .exe/.zip etc etc (on my mimedeny.txt ), squid will stop/block the download and instead they will get an access denied error displayed on the web page

im guessing by your reply this is not what the "reply_header_access"is used for

rob

On Mon, 25 Jan 2021 at 12:37, Amos Jeffries <[hidden email]> wrote:
On 26/01/21 1:24 am, robert k Wild wrote:
> hi all,
>
> just want your thoughts on what the best acl is to deny mime types
>

Please explain what you mean by "deny mime types" ...


  Deliver the servers response but without telling the client what data
format it is using ?

  Prevent the servers response being delivered to the client ?


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


--
Regards,

Robert K Wild.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_header_access vs rep_mime_type to deny mime types

Amos Jeffries
Administrator
On 26/01/21 1:47 am, robert k Wild wrote:

> sorry Amos, i will explain why i use the "rep_mime_type"
>
> so when users go to a website and click on a link to download and if
> that download is an .exe/.zip etc etc (on my mimedeny.txt ), squid will
> stop/block the download and instead they will get an access denied error
> displayed on the web page
>
> im guessing by your reply this is not what the "reply_header_access"is
> used for
>

Correct. "reply_header_access deny " is for removing specific headers
from sent responses. It will not do what you are wanting.

To forbid a whole reply you need "http_reply_access deny ".


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_header_access vs rep_mime_type to deny mime types

robert k Wild
Thanks Amos much appreciated

On Mon, 25 Jan 2021, 13:12 Amos Jeffries, <[hidden email]> wrote:
On 26/01/21 1:47 am, robert k Wild wrote:
> sorry Amos, i will explain why i use the "rep_mime_type"
>
> so when users go to a website and click on a link to download and if
> that download is an .exe/.zip etc etc (on my mimedeny.txt ), squid will
> stop/block the download and instead they will get an access denied error
> displayed on the web page
>
> im guessing by your reply this is not what the "reply_header_access"is
> used for
>

Correct. "reply_header_access deny " is for removing specific headers
from sent responses. It will not do what you are wanting.

To forbid a whole reply you need "http_reply_access deny ".


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users