Neil,
Yep, I thought that may have been the case. Thought I'd ask though!
Thanks again.
John
-----Original Message-----
From: Neil A. Hillard [mailto:hillardn@whl.co.uk]
Sent: 18 January 2005 13:47
To: John O'Reilly
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Problem blocking files with urlpath_regex acl
John,
On Tue, 18 Jan 2005 JOReilly@itisholdings.com wrote:
> Many thanks, that cleared the problem!
No probs. Glad to be of assistance.
> However, I have now noticed another problem - it seems I am unable to
block
> these downloads if they are done in a secure https session. The rules just
> don't seem to be applied in this case.
>
> Can anyone maybe offer any advice on this?
There really isn't anything that you can do about this. As everything is
encrypted, the proxy doesn't see the request or header. All the proxy
sees is a request to CONNECT to the remote server.
ATB,
Neil.
> -----Original Message-----
> From: Neil A. Hillard [mailto:hillardn@whl.co.uk]
> Sent: 18 January 2005 11:50
> To: John O'Reilly
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Problem blocking files with urlpath_regex acl
>
>
> John,
>
> On Tue, 18 Jan 2005 JOReilly@itisholdings.com wrote:
>
> > Hi,
> >
> > I'm having a few problems trying to block file downloads with Squid. I
> have
> > a file called 'restricted_files' with the following contents:
> >
> > \.7z$
> <snip>
> > \.gz$
> > \.gz?
> > \.gz;
> <snip>
> > \.zoo;
> >
> > And I have the following setup in my squid.conf:
> >
> > acl User1 proxy_auth user1
> > acl User2 proxy_auth user2
> > acl BlockedDownloads urlpath_regex -i "/usr/local/ITIS/restricted_files"
> >
> > http_access allow User1
> > http_access deny BlockedDownloads
> > http_access allow User2
> >
> > Now, if I authenticate as user1, I can download all files with no
> problems.
> > However, if I authenticate as user2, and browse to - for example -
> > www.google.co.uk, cache.log is showing that the following URL's are
> blocked
> > because they match 'BlockedDownloads':
> >
> > http://www.google.co.uk/intl/en-uk/images/logo.gif
> > http://www.google.co.uk/favicon.ico
> >
> > However, these extensions are not in my list! I notice similar results
on
> > other sites, with files getting blocked that shouldn't be.
> >
> > Can anyone offer me any help on this?
> I believe that the following regex will be matching .gif files:
>
> \.gz?
>
> ? means minimal match so it will match either '.g' or '.gz'. You'll nee d
> to escape a question mark:
>
> \.gz\?
>
> Hope this helps,
>
>
> Neil.
>
>
-- Neil Hillard hillardn@whl.co.uk Westland Helicopters Ltd. http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd. ITIS Holdings plc www.itisholdings.com Station House, Stamford New Road Altrincham, Cheshire WA14 1EP +44(0)161 927 3600 +44(0)161 929 5074 (fax) Internet communications are not secure and therefore ITIS Holdings cannot accept responsibility for the contents of this message. If you wish to verify that this email is genuine please contact us at the address above. This email is confidential and is intended only for the named recipient. If you are not the intended recipient, any dissemination, copying or disclosure of this message is strictly prohibited. If you have received this email in error please delete this email and contact us immediately. Any personal opinions expressed in this email are those of the sender and should not be taken as being representative of ITIS Holdings plc.Received on Tue Jan 18 2005 - 07:20:59 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST