Block EXE downloads for one group of users but not another?



  • Hello… brand new pfsense user here.

    I am trying to find a way to split my users into 2 groups. One highly restricted with no application or zip file downloads and another mainly unshackled. I've got the category based filtering working fine for this purpose but am down now to just the file blocking portion that I need to implement.

    I am in non-transparent proxy mode and I am using the captive portal tied to windows active directory radius method of authentication. I am aware of regex blocking in squid, but that would seem to block for everyone. I only need to do this for authenticated subgroups of users. Please help me.


  • Rebel Alliance Developer Netgate

    Use squidGuard. With squidGuard you can setup ACLs, and have certain actions ("Destinations") apply to only certain groups.



  • @jimp:

    Use squidGuard. With squidGuard you can setup ACLs, and have certain actions ("Destinations") apply to only certain groups.

    Would you be meaning using the target categories tab? That is the only place I see where anything like regexes can be used. I'm already using squidguard for category based filtering, but didn't know it could also be used for custom file extension etc.

    I'm going to dig through as much squidguard docs as I can find. If you know of any in particular that describe how to use squidguard for this purpose please post them. Meanwhile I'll be searching myself.


  • Rebel Alliance Developer Netgate

    There are several other threads here on this forum about blocking extensions with squidguard, proper regexes to do it, etc. Some searching should turn them up.



  • @jimp:

    There are several other threads here on this forum about blocking extensions with squidguard, proper regexes to do it, etc. Some searching should turn them up.

    Ok.. I'll look again. I had searched and found more than I could shake a stick at but the ones I found I must have misunderstood or not read deeply enough, but they seemed to be all or none regex blocking. But I'll admit I'm coming from a Bluecoat environment though, so I am probably scanning the threads looking for something similar to how it was done there and missing things.



  • @getut:

    @jimp:

    There are several other threads here on this forum about blocking extensions with squidguard, proper regexes to do it, etc. Some searching should turn them up.

    Ok.. I'll look again. I had searched and found more than I could shake a stick at but the ones I found I must have misunderstood or not read deeply enough, but they seemed to be all or none regex blocking. But I'll admit I'm coming from a Bluecoat environment though, so I am probably scanning the threads looking for something similar to how it was done there and missing things.

    http://diskatel.narod.ru/sgquick.htm


Log in to reply