Question: How effective blocking extensions on PFSense?
Does anyone know how to block the extensions .exe, .bat using squid + squidguard on pfsense?
I've tried several ways but without success.
Last I heard it was working well, though I don't recall the specifics.
What exactly have you tried so far?
I appreciate the feedback.
I tried to create an ACL in the Squid Proxy server: General settings> Custom Options
acl extension url_regex .exe$;http_access deny all extension;
Another attempt: In SquidGuard> Destinations, the addition of the following regular expressions in BlackList
(..(zip|rar|cab|mp3|avi|mpg|swf|exe|mpeg|mpv|mp3))|(\ /download.|\ /. mp3)
However I can download.
Select your Destination category in the ACL or Default.
Thank you all for your help
I had tried several solutions.
I made a new destination in SquidGuard with the regular expression .exe
And Proxy filter SquidGuard: Default> Destination rules deny that I configured as destination
Uncheck the box to enable Proxy filter SquidGuard: General Settings, Apply, Save.
I marked the box, apply, save.
And even reboot the server.
After that, it worked perfectly
Happy New Year
If your regular expression is just the bare word "exe" you're going to run into a ton of overblocking.
Sorry I wrote wrong.
Should be ".exe"
The correct phrase above
You definitely want to research how regular expressions work. .exe will not block what you think it will.
But ".*.exe" or ".exe" worked.
If it's wrong, what is the correct way to block downloads .exe?
This will probably help clarify:
.exe will overblock as the . is treated as a wild card. Using \ will escape it so \.exe will be a more correct approach. Mind you, .exe isn't the only executable file extension:
Not to mention that without being properly anchored as .exe$, it would match .exe in the middle of any URL
So if some random page was formatted like www.somerandomnewssite.com/story/embezzling.executive.gets.giant.bonus that would also get blocked.
Very important these ideas. But this is a challenge we will face.
For you what is the best way to block those extensions on pfsense?
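The overblocking discussed in the replies above, shown as an added example that is not part of the original thread. It runs the patterns mentioned there over constructed sample URLs, using Python's `re` as a stand-in for Squid's regex matching (an assumption; these simple patterns behave the same in POSIX extended regex). The last pattern is a suggested variant, not one posted by any participant.

```python
import re

# Constructed sample URLs; True means the download should be blocked.
# The news-site URL is the one quoted in the thread.
SAMPLES = {
    "http://example.com/files/setup.exe": True,
    "http://example.com/files/SETUP.EXE": True,
    "http://example.com/get/tool.exe?mirror=2": True,
    "http://www.somerandomnewssite.com/story/embezzling.executive.gets.giant.bonus": False,
    "http://example.com/docs/flexexec-guide.html": False,
    "http://example.com/downloads/exe-faq.html": False,
}

# (pattern, case-insensitive?) -- the last entry is a suggested pattern,
# escaped, anchored, tolerant of a query string, and matched without case.
CANDIDATES = [
    (r"exe", False),
    (r".exe", False),
    (r"\.exe", False),
    (r"\.exe$", False),
    (r"\.(exe|bat)(\?.*)?$", True),
]

def evaluate(pattern, ignore_case=False, samples=SAMPLES):
    """Return (overblocked, missed) URL lists for an unanchored regex search."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    overblocked, missed = [], []
    for url, should_block in samples.items():
        hit = rx.search(url) is not None
        if hit and not should_block:
            overblocked.append(url)      # legitimate page denied
        elif not hit and should_block:
            missed.append(url)           # executable download allowed
    return overblocked, missed

if __name__ == "__main__":
    for pattern, ci in CANDIDATES:
        over, miss = evaluate(pattern, ci)
        print(f"{pattern!r:28} ci={ci!s:5} overblocked={len(over)} missed={len(miss)}")
        for url in over:
            print("    overblocks:", url)
        for url in miss:
            print("    misses:    ", url)
```

In a Squid `acl` line, case-insensitive matching corresponds to the `-i` option placed before the pattern.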