HPE Community
Operating System - Linux
1822430 Members
2879 Online
109642 Solutions
New Discussion юеВ

Disabling download on Squid

 
SOLVED
Go to solution
Francis Ancheta
Frequent Advisor

тАО06-17-2003 08:13 PM

тАО06-17-2003 08:13 PM

Disabling download on Squid

Is it possible to disable file downloads in Squid? I need my clients just to be able to browse but not download files from the internet. If so can I define clients who can download and those who may cannot.
0 Kudos
Reply
4 REPLIES 4
Stuart Browne
Honored Contributor

тАО06-17-2003 08:32 PM

тАО06-17-2003 08:32 PM

Re: Disabling download on Squid

Unfortunately it's not really that simple, as all 'browsing' is just downloading 'files'.

Using access lists however you can deny users the ability given types of files (i.e. *.exe, *.zip etc. etc.).

Have a look through the squid configuration guide, in particular, the area regarding Access Lists, and the keywords 'url_regex' or 'urlpath_regex'.

http://www.squid-cache.org/ is your friend *nod* :)
One long-haired git at your service...
0 Kudos
Reply
U.SivaKumar_2
Honored Contributor

тАО06-17-2003 08:54 PM

тАО06-17-2003 08:54 PM

Solution

Re: Disabling download on Squid

Hi,

You can completely disable FTP downloads , put these files in squid.conf

acl FTP protocol FTP
http_access deny FTP

But still users will able to download files thru HTTP protocol which is given as a option in major download sites to support multiple channel downloads and resumable downloads using tools like Download Accelerator Plus.

In this case you have to use regex filtering capabilities of squid , of which configuration is awkward and needs thorough understanding of rules.

Edit squid.conf

acl exe-filter urlpath_regex -i \.exe$
http_access deny exe-filter

acl zipfiles-filter urlpath_regex -i \.zip$
http_access deny zipfiles-filter

acl msi-filter urlpath_regex -i \.msi$
http_access deny msi-filter

acl mp3-filter urlpath_regex -i \.mp3$
http_access deny mp3-filter

acl gz-filter urlpath_regex -i \.gz$
http_access deny gz-filter

acl tar-filter urlpath_regex -i \.tar$
http_access deny tar-filter

acl mpeg-filter urlpath_regex -i \.mpeg$
http_access deny mpeg-filter

Best way is to use Dansguardian open source content filtering software which will ofcourse perform blocking files operation.

http://www.dansguardian.org

edit the /etc/dansguardian/bannedextensionlist
edit the /etc/dansguardian/bannedmimetypelist

regards,

U.SivaKumar















Innovations are made when conventions are broken
Reply
Balaji N
Honored Contributor

тАО06-17-2003 09:02 PM

тАО06-17-2003 09:02 PM

Re: Disabling download on Squid

hi

browsing / downloading are one and the same as long as html files are concerned. so if u want to block downloading html files, u are actually blocking browsing.

but if you know specifically the files you want to block, like *.mp3, *.exe etc, then u can block them by specifiying an ACL.


acl EXE urlpath_regex \.[eE][xX][eE]
http_access deny EXE

and u can have different ACL's for allowing / disallowing based on authentication.

hth
-balaji (google is my friend. is it urs?)
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
0 Kudos
Reply
Francis Ancheta
Frequent Advisor

тАО06-17-2003 10:27 PM

тАО06-17-2003 10:27 PM

Re: Disabling download on Squid

Hi,

Thanks for the info. based your replies I cannot do a filtering of clients. Once I put out a rule it will be in general.

Maybe I can put another proxy server that will cater for pc's that needs to have download enabled.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.