[squid-users] Defending against new attacks

From: Brian M Dial <bdial@dont-contact.us>
Date: Tue, 25 Sep 2001 14:33:31 -0400

With the nimda virus semi-behind now, I'm looking at a way of protecting
from something like this in the future. The only thought I've had so
far is a way of filtering out executables from being downloaded from the
web.

I've looked at some threads similar to this in the logs but I have some
questions. Is there any better way then using a url pattern match to
handle this? I know I can use url_regex \.eml or \.exe or any
executable but is this the right way to be doing it? I've noticed that
since I used it to filter .exe, I've had a few problem with people
browsing sites that use .exe for their cgi extension and squid will deny
the client even though it's not trying to download it.

Is using url_regex based acl's really the best way to be doing this?

Thanks for any input,

-Brian

-- 
Brian M Dial
UNIX Systems Administrator
Rummel, Klepper & Kahl, LLP
Phone: 410.728.2900 x1329
Cell: 410.598.0742
http://www.rkkengineers.com
Received on Tue Sep 25 2001 - 14:08:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:29 MST