[squid-users] ACL to block installation program
Yuri Voinov
yvoinov at gmail.com
Fri Apr 10 18:40:31 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Agreed.
10.04.15 23:57, brendan kearney пишет:
> I am in a policy enforcement role, and our policy making / auditing team
> approached me about why they could download a jar file from a site
that was
> not explicitly allowed to provide java content (I.e. not on the
> whitelist). It was because the mime type not being accurate.
> On Apr 10, 2015 1:40 PM, "Yuri Voinov" <yvoinov at gmail.com> wrote:
>
>>
> I would never have such an idea had not occurred. The man asked - I
> answered. I know what you're talking about, and I would use ACL to URL for
> this.
>
> 10.04.15 23:32, brendan kearney пишет:
> >>> Be warned... a web server can be configured to send an arbitrary mime
> type
> >>> for any file. You may find .jar files with a mime type of html/text.
> Also
> >>> zipping a jar circumvents this check. Some ICAP servers have a "true
> >>> content type" check that does not rely on the headers which can be
> forged,
> >>> but actually looks at the file that was requested.
> >>> On Apr 10, 2015 5:00 AM, "Yuri Voinov" <yvoinov at gmail.com>
> <yvoinov at gmail.com> wrote:
> >>>
> >>>>
> >>> http://wiki.squid-cache.org/ConfigExamples/BlockingMimeTypes
> >>>
> >>>
> >>> 10.04.15 14:48, Fiorenza Meini пишет:
> >>>>>> Hi,
> >>>>>> is there a way to filter and block update programs which come from
> >>> Internet, for example java update or windows update , withouth
using the
> >>> url of the web site, but working with header/mime types ?
> >>>>>>
> >>>>>> Thanks and regards
> >>>>>>
> >>>>>> Fiorenza Meini
> >>>
> >>>>
> >>>> _______________________________________________
> >>>> squid-users mailing list
> >>>> squid-users at lists.squid-cache.org
> >>>> http://lists.squid-cache.org/listinfo/squid-users
> >>>>
> >>>
>
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVKBkfAAoJENNXIZxhPexGQD4H/2U2jQtNqkVS1Hk3gxkyWXeq
nf6ge0Kd+W92WtBWs4Hkf1vbifF9Z/TDckEaAH+SLQaDTr4/O+EeEtQTLLyFNj7Z
5G/RuuGJ+Y1CFwo8zG3x9qqP1ga3Q9PKKjf64k3zlZrEqgWamMksbSoWIEHaQat9
aDi+iGOTGeuF6RxRBFjw1G8nxtRGQAPIs2/B0WDDlY/sQuz7na7R5vDSZCD8O+6X
ywr6Fe3s3CsLrb6F5xxTEzQiofCDerZtszZ9A/OOOTz0XLdPvOqNQAmmhHYk4xQb
CdRREdz6K0wiecM7NFn+jocnet6ZnYP/Q7C5IB7PfiG2N+S0djueWHrmVqP7IVg=
=gWJ2
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150411/fbd2c014/attachment.html>
More information about the squid-users
mailing list