FREQUENTLY ASKED QUESTIONS (Squid proxy)
Q: How to block particular file types or file extensions in squid proxy ?
Squid server can block/deny downloading particular file types like pictures, musics, videos, executable files etc. This file content filtering in squid is based on the file extension types like .exe, .mp3, .avi, .jpeg, .torrent, .zip etc.
Blocking file types in squid
First of all, create an ACL file includes all the file types to block downloading them.
[root@server ~]# vi /etc/squid/bad_files.acl
\.[Ee][Xx][Ee]$ #block downloading exe executable files
\.[Mm][Pp]3 $ #Block mp3 music files
\.[Zz][Ii][Pp]$ #Block ZIP archive files
\.[Jj][Pp][Ee][Gg]$ #Block jpeg picture files
\.[Aa][Vv][Ii]$ #Block avi video files
\.[Tt][Oo][Rr][Rr][Ee][Nn][Tt]$ #Block torrent files
Then, edit the squid configuration file and add an ACL for above created acl file.
[root@server ~]# vi /etc/squid/squid.conf
acl lan src 192.168.10.0/24 (specify address range to deny downloading files)
acl badfiles urlpath_regex "/etc/squid/bad_files.acl" (ACL for blocked file types)
http_access deny badfiles lan (Deny the file types to lan)
#(Add the above three lines and save the squid.conf file)
Restart or reload squid server
[root@server ~]# service squid reload
OR
[root@server ~]# service squid restart
#Verify the file type filtering/blocking by downloading any files from the Internet
Other Squid Related Articles
Q: How to block particular file types or file extensions in squid proxy ?
Squid server can block/deny downloading particular file types like pictures, musics, videos, executable files etc. This file content filtering in squid is based on the file extension types like .exe, .mp3, .avi, .jpeg, .torrent, .zip etc.
Blocking file types in squid
First of all, create an ACL file includes all the file types to block downloading them.
[root@server ~]# vi /etc/squid/bad_files.acl
\.[Ee][Xx][Ee]$ #block downloading exe executable files
\.[Mm][Pp]3 $ #Block mp3 music files
\.[Zz][Ii][Pp]$ #Block ZIP archive files
\.[Jj][Pp][Ee][Gg]$ #Block jpeg picture files
\.[Aa][Vv][Ii]$ #Block avi video files
\.[Tt][Oo][Rr][Rr][Ee][Nn][Tt]$ #Block torrent files
#(Add the above required file extensions types and save the file)
Then, edit the squid configuration file and add an ACL for above created acl file.
[root@server ~]# vi /etc/squid/squid.conf
acl lan src 192.168.10.0/24 (specify address range to deny downloading files)
acl badfiles urlpath_regex "/etc/squid/bad_files.acl" (ACL for blocked file types)
http_access deny badfiles lan (Deny the file types to lan)
#(Add the above three lines and save the squid.conf file)
Restart or reload squid server
[root@server ~]# service squid reload
OR
[root@server ~]# service squid restart
#Verify the file type filtering/blocking by downloading any files from the Internet
Other Squid Related Articles
5 comments:
Not worked for me if enable this on squid guard if any link that contain a word exe is also blocked .
this method will not apply for https links with blocked attachments.. For example when zip attachment is blocked you can still download through yahoo emails and or dropbox .. Any way to block all those as well that are going through https?
what did i do wrong?? the file exe is still can be downloaded :(
acl myNetwork src 192.168.0.0/16
acl blockDomain dstdomain "/etc/squid/blockDomains.txt"
acl allowMac arp "/etc/squid/mac.txt"
acl blockStreamVid rep_mime_type ^application/x-shockwave-flash
acl flashAd rep_mime_type application/x-shockwave-flash
acl badFiles urlpath_regex -i "/etc/squid/block_files.acl"
#acl badFiles urlpath_regex -i \.exe?$
#acl dlVidAu rep_mime_type ^*audio*$
acl audio_video_request req_mime_type -i ^audio/x-pn-releaudio$
acl audio_video_reply req_mime_type -i ^audio/x-pn-releaudio$
http_access deny blockDomain
http_access allow allowMac
http_reply_access deny blockStreamVid
http_reply_access deny flashAd
http_access deny badFiles
#http_reply_access deny dlVidAu
#http_access allow myNetwork
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
Thank you for posting this, and you can back this configuration up by blocking access to video domains with this blacklist. http://www.squidblacklist.org/downloads/squidblacklists/squid-video.tar.gz
how to block the .exe files when we use https?
in the above comments you mention about http, but when we add https to the url
it is downloading. Is any solution for blocking during https?
Post a Comment