Saturday, June 03, 2006

URL Paths

I mainly use the URL Paths function of the HTTP Proxy for blocking file extensions. Here is a list of extension that I deny:

*.acf
*.ade
*.adp
*.ani
*.arj
*.bas
*.bat
*.cab
*.chm
*.class
*.cmd
*.clp
*.cpl
*.cur
*.dat
*.dcr
*.dif
*.fav
*.hhk
*.hhp
*.hlp
*.ht
*.hta
*.htt
*.htx
*.hqx
*.idc
*.inf
*.ins
*.isp
*.jar
*.jav
*.java
*.job
*.lnk
*.m3u
*.mad
*.maf
*.mam
*.maq
*.mar
*.mat
*.mcw
*.mda
*.mdb
*.mde
*.mdn
*.mdt
*.mdv
*.mdw
*.mht
*.mnd
*.mp3
*.mpc
*.msi
*.msp
*.mst
*.nws
*.odc
*.ofn
*.ogg
*.pbk
*.pcd
*.pif
*.pip
*.pls
*.pot
*.ppa
*.ppz
*.pwz
*.ra
*.ram
*.rar
*.rat
*.reg
*.rjs
*.rm
*.rmm
*.rmp
*.rmx
*.rpm
*.scf
*.scr
*.sct
*.shs
*.slk
*.smil
*.tar
*.url
*.vb
*.vbd
*.vbe
*.vbx
*.vxd
*.wab
*.wiz
*.wma
*.wsc
*.wsf
*.wsh
*.wsz
*.zip

Notice that the file extension *.com is missing. I hope you can guess why.
You can also use the URL Path function for some more advanced filtering. I use it to prevent my users from turning off the safe search for google image search.

Rule name: Google_images_Safe_Search_Off
Pattern match: images.google.*/*safe=off*

7 Comments:

Anonymous Jon Cavallo said...

You can put *.com in the URL Paths. You need to enter it as [/*.com]

I use the /*.x convention on all my extension blocking. This helps prevent them from wildcarding some other part of a complex url.

8:06 PM  
Anonymous Anonymous said...

IS there a way to do bulk import your definitions? it will take a while to key them in one by one.

thanks great site.

6:41 PM  
Anonymous Anonymous said...

anonymous...I'm afraid not.

--WG

5:56 AM  
Anonymous Anonymous said...

by the way, some of you might find the following URL useful, which provides a nice list of unsafe file extensions and a few regex rules at the end.

http://www.ncl.ac.uk/iss/email/mailscanrules.html

--WGT

6:17 AM  
Blogger Akki said...

Hi,

The list provided here is for the sites or the subdirectories within the site.

I mean

if i enter *.pif in URL paths

Which will be denied access

www.google.com/www.pif or google.pif

8:15 AM  
Blogger samvv said...

so using this way can i allow all users to brows internet but no body cannot download any thing ,or tell me how to do it

8:46 AM  
Blogger Squidblacklist said...

We are the worlds leading publisher of Squid 'Native ACL' formatted blacklists, that allow for web filtering directly with Squid proxy. Of course we also offer alternative formats for the most widely used third party plugins, such as DansGuardian and Squidguard. And while our blacklists are subscription based, they are as a result of our efforts, of a much higher degree of quality than the free alternatives.

We hope to serve you,

--
Signed,

Benjamin E. Nichols
http://www.squidblacklist.org

2:29 AM  

Post a Comment

<< Home