[SOLVED] pfSense 2.43: SquidGuard doesn't deny downloading exe, mp3, etc.



  • Hey everybody.
    I installed pfSense 24.3 (x64) and I don't know how to deny downloading exe, mp3 and other extensions.
    I created a rule:

    .*.(zip|rar|cab|mp3|avi|mpg|swf|exe|mpeg|mpv))
    

    nothing.
    After this I tried to write this rule

    \.mp3$)|(.*\/.*\.mp3)|(.*\.mp3)|(\/mp3.*)|(.*wallpaper.*)|(.*wallscreen.*)|(.*обои.*)|(.*1internet.tv\/.*Remont.*)|(.*1internet.tv\/.*FAZENDA.*)|(.*\.tv$)|(.*remont.*)|(\.jpg$)|(\.exe$)|(.*\/.*\.exe)|(.*\.exe)|(\/exe.*) 
    

    but this does not work.


  • Netgate Administrator

    More information needed.

    Where are you configuring that?

    How are you testing it?

    What result are you seeing? What do you expect to see?

    Steve



  • Thanks for your reply.
    My steps for testing:

    1. Added a new item to "Proxy filter SquidGuard: Target categories / Edit / Target categories" containing the regexp from my first post, named, for example, "block_ext";
    2. In "Proxy filter SquidGuard: Groups Access Control List (ACL) / Edit / Groups ACL" I added a new group, for example "dis_ext", and put the IP address of my test PC in "client (source)".
      There, in the "Target Rules List", I set DENY for "block_ext";
    3. I went to "Package / Proxy filter SquidGuard: General settings / General settings" and clicked "Apply";
    4. On my test PC I open a web browser and go to, for example, any site where I can download an exe. There I click "download program" and the download is possible.

    Sorry for my very bad English!


  • Netgate Administrator

    Ok.

    Do you have Squid setup to proxy http and https?

    Do other target categories block correctly?

    Do you see the .exe files in the Squid log being passed?

    Steve



  • Hello.
    Yes, I selected "Transparent HTTP Proxy" for LAN.
    I created a new CA cert, exported it and installed it on my test PC.
    I also selected "HTTPS/SSL Interception" for LAN, chose my new CA cert,
    and set: "SSL Proxy Compatibility Mode" - Modern,
    Remote Cert Checks - Do not verify remote certificate,
    Certificate Adapt - Sets the "Not before" (setValidBefore)

    Afterwards, I tested downloading an exe on my test PC, and it is possible.
    In the log I see the link to the exe.


  • Netgate Administrator

    Ok, so it's seeing the file pass but just not triggering on the acl.
    Try adding a target category with only .exe in it. If that triggers we know it's the regex not working as expected.

    Steve



  • Hello!
    This is a miracle!
    I created the rule

    \.(exe|mp3)
    

    and when I try to download an exe or mp3, SquidGuard blocks it!


    Thank you for your help!!!

    Maybe this thread will help somebody.


  • Netgate Administrator

    Great! So looks like it was just a regex issue. Thanks for the follow up.

    Steve
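
A pre-flight check for the three expressions posted in this thread, added here as an example and not part of any post: it compiles each one and runs it over constructed sample URLs before the expression goes into a target category. Python's `re` stands in for squidGuard's regex engine (an assumption; the engines can differ), and `STRICTER` is a hypothetical tighter variant, not a rule from the thread.

```python
import re

# Expressions exactly as posted in the thread.
CANDIDATES = {
    "first attempt": r".*.(zip|rar|cab|mp3|avi|mpg|swf|exe|mpeg|mpv))",
    "second attempt": (
        r"\.mp3$)|(.*\/.*\.mp3)|(.*\.mp3)|(\/mp3.*)|(.*wallpaper.*)"
        r"|(.*wallscreen.*)|(.*обои.*)|(.*1internet.tv\/.*Remont.*)"
        r"|(.*1internet.tv\/.*FAZENDA.*)|(.*\.tv$)|(.*remont.*)|(\.jpg$)"
        r"|(\.exe$)|(.*\/.*\.exe)|(.*\.exe)|(\/exe.*)"
    ),
    "working rule": r"\.(exe|mp3)",
}

# Hypothetical variant: extension only at the end of the URL or before a query.
STRICTER = r"\.(exe|mp3)(\?.*)?$"

# Constructed sample URLs; the last one contains ".exe" only inside ".exercise".
SAMPLE_URLS = [
    "http://downloads.example.com/tools/setup.exe",
    "http://media.example.com/album/track01.mp3",
    "http://www.example.com/index.html",
    "http://www.example.com/docs.exercise/plan.html",
]


def check(pattern, urls):
    """Return (compiles, error_message, urls_matched) for one expression."""
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        # A stray ")" such as the one ending the first attempt lands here.
        return False, str(exc), []
    return True, "", [u for u in urls if rx.search(u)]


if __name__ == "__main__":
    for name, pattern in {**CANDIDATES, "stricter": STRICTER}.items():
        ok, err, hits = check(pattern, SAMPLE_URLS)
        print(f"{name}: " + (f"does not compile ({err})" if not ok else
                             f"matches {len(hits)} of {len(SAMPLE_URLS)}"))
        for url in hits:
            print("   would block:", url)
```

The unanchored working rule also matches the `.exercise` URL, which is the kind of overblocking to look for in the Squid log after enabling the category.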


 
