[squid-users] found out why my "rep_mime_type" wasnt working
robert k Wild
robertkwild at gmail.com
Thu Nov 26 14:05:58 UTC 2020
i finally figured out why my blocking of mime types wasn't working
this is my good code now
#allow special URL paths
acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"
#
#deny MIME types
acl mimetype rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
#
http_reply_access allow special_url
http_reply_access deny mimetype
in my mime deny its
application/octet-stream
application/x-msi
application/zip
application/x-7z-compressed
application/vnd.ms-cab-compressed
but in my url specials
http://ccmdl.adobe.com/AdobeProducts/KCCC/1/win64/packages/
it contains a mime type that im blocking but now it passes it through as i
have put an allow specials before the deny mime types
and when i go to an adobe website to download an exe ie adobe reader dc, it
detects it and blocks it as its an exe or octet stream
but then this was in my code aswell
#SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i
"/usr/local/squid/etc/interceptssl.txt"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
and in my "interceptssl.txt" i stupidly put
.adobe.com
and this was just allowing me to download the exe acrobat adobe reader, i
was going nuts over this but i finally figured it out
thanks all
--
Regards,
Robert K Wild.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201126/272f73e8/attachment.htm>
More information about the squid-users
mailing list