[squid-users] ACL Bypassing

From: Jorge Cuellar Martinez <jorge.cuellar@dont-contact.us>
Date: Tue, 23 Oct 2001 13:47:19 -0500

I have a problem with file download blocking... I used to block the download
of executable files and multimedia files...

but I have noticed that if you add a question mark and some values, you can
bypass the ACLs that deny access to those files...
 
example:
acl mp3 url_regex \.mp3($|\?)
http_access deny mp3
 
This URL will be denied by my rule:
http://www.mp3downloadsite.com/download/aerosmith%20-%20crazy.mp3
and even this one:
http://www.mp3downloadsite.com/download/aerosmith%20-%20crazy.mp3?

Then if I add a question mark to the URL and some values like:

http://www.mp3downloadsite.com/download/aerosmith%20-%20crazy.mp3?bypass=downloadmyfile

Squid will serve the file.

Any comments?

  

Jorge Cuéllar.
Servicio de Administración Tributaria
Information Security
Tel: 5483-1105 Extension 7167
Skytel PIN: 5583533

 
Received on Tue Oct 23 2001 - 12:46:19 MDT
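
The three URL forms from the message above can be turned into a small regression check for extension-blocking expressions. This is an added example, not part of the original post and not Squid code: it assumes a url_regex deny behaves like an unanchored search over the whole URL, uses Python's re module rather than Squid's regex library, and the names `end_only`, `regex_denies`, `path_denies`, `escapes` and `coverage_table` are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs: the three URL forms quoted in the post.
BASE = "http://www.mp3downloadsite.com/download/aerosmith%20-%20crazy.mp3"
URLS = [BASE, BASE + "?", BASE + "?bypass=downloadmyfile"]

# "posted" is the expression from the post; "end_only" is a hypothetical
# variant anchored only at end of URL, included for comparison.
PATTERNS = {"posted": r"\.mp3($|\?)", "end_only": r"\.mp3$"}


def regex_denies(pattern, url):
    """Assumption: a url_regex deny behaves like an unanchored search over the full URL."""
    return re.search(pattern, url) is not None


def path_denies(url, extensions=(".mp3",)):
    """Decide on the path component alone, so the query string has no say."""
    return urlsplit(url).path.endswith(tuple(extensions))


def escapes(name):
    """URLs from URLS that the named pattern would let through."""
    return [u for u in URLS if not regex_denies(PATTERNS[name], u)]


def coverage_table():
    """One row per URL: (url, {pattern name: denied?}, denied by path check?)."""
    return [
        (u, {n: regex_denies(p, u) for n, p in PATTERNS.items()}, path_denies(u))
        for u in URLS
    ]


if __name__ == "__main__":
    for url, by_regex, by_path in coverage_table():
        print(url)
        for name, denied in by_regex.items():
            print(f"  {name:9} {'deny' if denied else 'PASS'}")
        print(f"  {'path':9} {'deny' if by_path else 'PASS'}")
```

Under this model the posted expression denies all three forms, while the end-only variant lets both question-mark forms through. Squid's own regex library and the order of http_access rules are not modelled here.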
