Re: [squid-users] Allowing downloads from certain sites

From: Edmonds Namasenda <namasenda_at_gmail.com>
Date: Fri, 29 Jun 2012 15:02:27 +0300

>> Shastri, try the below
>>
>> Assume...
>> 1. Preventing Downloads File (nodowns.txt) has the following
>> \.msi$
>> \.exe$
>> \.zip$
>> \.etc$

The above is regex

>>
>> 2. Trusted Sites File (goodsites.txt) has the following
>> *.*microsoft*.com*
>> *.*windows*.com*
>> *.*etc*.com*.com*
>
>
> WTF? Does regex even accept that?
>
> *.*microsoft*.com*

Amos, the above is dstdomain. You must have missed the regex entries
before this.

>
>  ==>   (zero or more 'nothings')(zero or more characters)(the text
> "microsof")(zero or more 't' characters)(any single character)(thetext
> "co")(zero or more 'm' characters)
>
> Don't you mean this?
>  \.microsoft\.com
>  \.windows\.com
>  \.etc\.com\.com
>

Thanks for that insight.

>
> Or perhapse the better version:
>
>  acl goodsites dstdomain .microsoft.com .windows.com .etc.com.com
>
>

Will that not be too much is you have a long list of sites?

>>
>> 3. Accompanying ACLs for files above
>> acl nodowns urlpath_regex -i "/path_to/nodowns.txt" # With quotation marks
>> acl goodsites dstdomains -i "/path_to/goodsites.txt" # With quotation
>> marks
>>
>> 4. Controlling Rule
>> http_access deny nodowns !goodsites # Put it above any "allow" rule
>>
>> The above is my thinking, and I could do with correction.
>>
>> # Edmonds
>
>
> Pretty much. The problem is that Chaitanya supplied no details about their
> config. Could be much simpler or much more complicated.
>
> Amos
>
>>
>> On Fri, Jun 29, 2012 at 12:30 PM, Chaitanya Shastri wrote:
>>>
>>> Hi Amos,
>>>
>>>    I have acl rules for preventing downloads on client machines. So a
>>> client cannot download any file (for example, .exe, .zip .. etc ) on
>>> his/her machine.
>>> What I want is that all clients should be able to download any type of
>>> file from certain trusted domain.
>>> In short I want to allow a domain in my squid configuration from which
>>> any client can download any type of file.
>>>
>>> Thanks.
>>>
>>> On Fri, Jun 29, 2012 at 1:15 PM, Amos Jeffries wrote:
>>>>
>>>> On 29/06/2012 6:10 p.m., Chaitanya Shastri wrote:
>>>>>
>>>>> Hi list,
>>>>>
>>>>>    Is it possible to allow downloads from certain trusted sites?  I
>>>>> tried using the url_regex acl to list certain trusted sites from which
>>>>> our users can download any file.
>>>>>
>>>>>    Ex. acl allow_downloads url_regex -i ^http:\/\/example\.com
>>>>>          http_reply_access allow allow_downloads localnet  # where
>>>>> localnet is my LAN range
>>>>>
>>>>>    But its not working. Any ideas on how to get it work?
>>>>>
>>>>> Thanks.
>>>>
>>>>
>>>> Any idea what is blocking them from working in the first place?
>>>>
>>>> Amos
>>>>
Received on Fri Jun 29 2012 - 12:02:35 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 29 2012 - 12:00:04 MDT