关键字: sqluid 禁止下载 .exe
前一阵,想通过squid代理实现禁止一些用户下载.exe 文件的功能,检索了一些网站,自己犯了一个小小的错误,记录下来:
google到一些网站:
http://www.linuxmine.com/2613.html
直接加入如下acl denymine urlpath_regex .exe .zip
acl test src 172.16.1.8/255.255.255.255
http_access deny test denymine
http_access allow test
然后找一些网站测试,通过!我想干脆把.com,.dll,.scr,.ani的文件加入:
当天就发现用户抱怨不能连外网,自己在测试才发现不能连接的都是.com结尾的网站。很明显规则写错,自己在认真看了手册发现,链接如下:
http://www.visolve.com/squid/squid24s1/access_controls.php
Acl Type: url_regex
Description
The url_regex means to search the entire URL for the regular expression you specify. Note that these regular expressions are case-sensitive. To make them case-insensitive, use the -i option.
Usage acl aclname url_regex pattern
Example
acl ACLREG url_regex cooking
ACLREG refers to the url containing "cooking" not "Cooking"
Acl Type: urlpath_regex
Description
The urlpath_regex regular expression pattern matching from URL but without protocol and hostname. Note that these regular expressions are case-sensitive
Usage acl aclname urlpath_regex pattern
Example
acl ACLPATHREG urlpath_regex cooking
ACLPATHREG refers only containing "cooking'' not "Cooking"; and without referring protocol and hostname.
If URL is http://www.visolve.com/folder/subdir/cooking/first.html then this acltype only looks after http://www.visolve.com/ .
实际上应该使用的是正则表达式,应该把以上的规则修改如下:
acl denymine url_regex -i \.exe$ \.scr$ \.com$ \.ani$ \.dll$
使用-i 关闭大小写。看来以后测试看书看文档要认真一些,避免不必要的错误。
注:我目前不知道禁止一些.dll文件对上网有什么影响。
