[squid-users] ACL to block installation program
brendan kearney
bpk678 at gmail.com
Fri Apr 10 17:57:00 UTC 2015
I am in a policy enforcement role, and our policy making / auditing team
approached me about why they could download a jar file from a site that was
not explicitly allowed to provide java content (I.e. not on the
whitelist). It was because the mime type not being accurate.
On Apr 10, 2015 1:40 PM, "Yuri Voinov" <yvoinov at gmail.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I would never have such an idea had not occurred. The man asked - I
> answered. I know what you're talking about, and I would use ACL to URL for
> this.
>
> 10.04.15 23:32, brendan kearney пишет:
> > Be warned... a web server can be configured to send an arbitrary mime
> type
> > for any file. You may find .jar files with a mime type of html/text.
> Also
> > zipping a jar circumvents this check. Some ICAP servers have a "true
> > content type" check that does not rely on the headers which can be
> forged,
> > but actually looks at the file that was requested.
> > On Apr 10, 2015 5:00 AM, "Yuri Voinov" <yvoinov at gmail.com>
> <yvoinov at gmail.com> wrote:
> >
> >>
> > http://wiki.squid-cache.org/ConfigExamples/BlockingMimeTypes
> >
> >
> > 10.04.15 14:48, Fiorenza Meini пишет:
> > >>> Hi,
> > >>> is there a way to filter and block update programs which come from
> > Internet, for example java update or windows update , withouth using the
> > url of the web site, but working with header/mime types ?
> > >>>
> > >>> Thanks and regards
> > >>>
> > >>> Fiorenza Meini
> >
> >>
> >> _______________________________________________
> >> squid-users mailing list
> >> squid-users at lists.squid-cache.org
> >> http://lists.squid-cache.org/listinfo/squid-users
> >>
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJVKAsjAAoJENNXIZxhPexGXY8H/jeSErby+EvjHyFQ1SNNFg1F
> lrxZEVIPYNvNkv8cGCYC7Ye7JyIBOGmOjL6agOXXkwn6ch0qjb8ABP0LQYX/AfKV
> GQ76E/OQjO57I5QwFgt8a0T/EoR0Mpu2lcRDi/uLzcSnt5a7djeQCr0RI+GChNEc
> IbwjaI/SE2zeZfQGpiGFiUBtDs6W+bfS2QdhL75Y0+i/0r1d6Wc2CFndE41KGq9P
> OIwwdqXbWdhZh254amAWs9FWoqqhxM0HONksbds6DLTdwwHeRt8mdLx0WIrgG4uO
> py8r07Ml9tCQL55CcCHYpKOKtiJUZLizZRyptFZaYUiWaaW+m418CUJptDvChvU=
> =iCuZ
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150410/44bf872b/attachment.html>
More information about the squid-users
mailing list