Question: How to effectively block extensions on PFSense?
-
Does anyone know how to block the extensions .exe, .bat using squid + squidguard on pfsense?
I've tried several ways but without success. Thank you.
-
Last I heard it was working well, though I don't recall the specifics.
What exactly have you tried so far?
-
I appreciate the feedback.
I tried to create an ACL in the Squid Proxy server: General settings > Custom Options:
acl extension url_regex .exe$;http_access deny all extension;
Another attempt: in SquidGuard > Destinations, I added the following regular expressions to the BlackList:
..exe|
(download|downloads|file|files|image|picture|flash)..(exe|dll|wav|gif|zip|tar)|
(..(zip|rar|cab|mp3|avi|mpg|swf|exe|mpeg|mpv|mp3))|(\ /download.|\ /. mp3)
However, I can still download.
-
Select your Destination category in the ACL or Default.
-
Thank you all for your help
I had tried several solutions.
I made a new destination in SquidGuard with the regular expression .exe
And Proxy filter SquidGuard: Default> Destination rules deny that I configured as destination
Uncheck the box to enable Proxy filter SquidGuard: General Settings, Apply, Save.
I marked the box, apply, save.
And even rebooted the server. After that, it worked perfectly.
Happy New Year
-
If your regular expression is just the bare word "exe" you're going to run into a ton of overblocking.
-
Sorry, I wrote it wrong.
It should be ".exe"
The correct phrase is above.
-
You definitely want to research how regular expressions work. .exe will not block what you think it will.
-
But ".*.exe" or ".exe" worked.
If it's wrong, what is the correct way to block .exe downloads?
-
This will probably help clarify:
http://www.squidguard.org/Doc/expressionlist.html
.exe will overblock as the . is treated as a wildcard. Using \ will escape it, so \.exe will be a more correct approach. Mind you, .exe isn't the only executable file extension:
http://antivirus.about.com/od/securitytips/a/fileextview.htm
-
Not to mention that without being properly anchored as .exe$, it would match .exe in the middle of any URL
So if some random page was formatted like www.somerandomnewssite.com/story/embezzling.executive.gets.giant.bonus that would also get blocked.
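
Added example (not part of any post in this thread): the patterns discussed above, run against constructed URLs including the news-site URL from the reply above, to show which ones over-block and which ones miss. It assumes Python's re module behaves like the regex engine behind Squid/squidGuard for these simple patterns; the example.com URLs and the last pattern, which also tolerates a query string, are assumptions added here.

```python
import re

# Patterns quoted in the thread, plus one added variant (labelled below).
PATTERNS = {
    "unescaped": r".exe",        # "." matches any character, not just a dot
    "dot-star": r".*.exe",       # same problem, with a leading wildcard
    "escaped": r"\.exe",         # literal ".exe", but anywhere in the URL
    "anchored": r"\.exe$",       # literal ".exe" at the very end of the URL
    # Added here, not from the thread: also accept a trailing query string.
    "anchored+query": r"\.exe(\?.*)?$",
}

# Constructed sample URLs (example.com hosts are placeholders).
URLS = {
    "download": "http://downloads.example.com/tools/setup.exe",
    "download_query": "http://downloads.example.com/tools/setup.exe?mirror=2",
    "news_story": "http://www.somerandomnewssite.com/story/"
                  "embezzling.executive.gets.giant.bonus",
    "plain_word": "http://www.example.com/flexera/index.html",
}


def blocked(pattern_name, url_name):
    """Return True if the named pattern matches anywhere in the named URL."""
    return re.search(PATTERNS[pattern_name], URLS[url_name]) is not None


def report():
    """Map each pattern name to the list of URL names it would block."""
    return {p: [u for u in URLS if blocked(p, u)] for p in PATTERNS}


if __name__ == "__main__":
    for pattern_name, hits in report().items():
        print(f"{PATTERNS[pattern_name]:<16} blocks: {', '.join(hits)}")
```

The unescaped forms block every sample URL, the escaped but unanchored form still blocks the news story, and the strictly anchored form misses the download that carries a query string.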
-
These ideas are very important. But this is a challenge we will face.
For you, what is the best way to block those extensions on pfsense?