Page 1 of 1

Block .exe downloads

New postPosted: Wed May 30, 2018 6:31 am
by mfdadmin1
Hi! I have the newest version of Artica proxy set up and everything vorks fine, except I can not figure out how to block users from downloading .exe files.
This example does not work for me: http://artica-proxy.com/acls-block-down ... ly-header/
Did i miss something?

Re: Block .exe downloads

New postPosted: Wed May 30, 2018 11:59 am
by mfdadmin1
Also how do I define if a blocked/allowed port is UDP or TCP?

Re: Block .exe downloads

New postPosted: Wed May 30, 2018 12:37 pm
by mfdadmin1
I tried with the web server filename replay - content: attachment; filename=.*?\.exe("|$)
and with file extension - content: \.exe$

Re: Block .exe downloads

New postPosted: Wed May 30, 2018 7:29 pm
by admin
Is the website is on SSL ?

On SSL Proxy is not able to catch something in protocol

Re: Block .exe downloads

New postPosted: Thu May 31, 2018 5:25 am
by mfdadmin1
Most of th internet is SSL now.
I understand that ssl encrypts the package and proxy can not see that the header contains .exe
Bun the file I tried to download is https://download.mikrotik.com/routeros/ ... winbox.exe
This link should be blocked with a "File extension" rule, but I still can download the file.
Capture.JPG
Capture.JPG (23.09 KiB) Viewed 511 times

The content of the "exe" proxy object is simply "exe" without dot. As in the example.

Re: Block .exe downloads

New postPosted: Thu May 31, 2018 10:00 pm
by admin
Your ar right but proxy did not show the full uri on the SSL protocol.
it makes a CONNECT to download.mikrotik.com and did not see the rest of the protocol.
In your case, exe file cannot be catched.

Re: Block .exe downloads

New postPosted: Fri Jun 01, 2018 5:06 am
by mfdadmin1
So I understand that I can not block .exe in SSL unless the filename is in the URL?
But the "web server filename replay" and "file extension" filters should work on plain http?

Maybe I could tell the antivirus that .exe is a bad extension so that it blocks it?

Re: Block .exe downloads

New postPosted: Sat Jun 02, 2018 7:44 am
by admin
No the entire protocol is on SSL, so nothing can be catched, imagine that SSL is like VPN

Re: Block .exe downloads

New postPosted: Mon Jun 04, 2018 5:15 am
by mfdadmin1
Yes, but if the proxy is not used as a transparent proxy, but forced on users using GPO? Than it should be able to block .exe in https.

Re: Block .exe downloads

New postPosted: Mon Jun 04, 2018 7:10 am
by admin
No, the only way is to use MAN-IN-THE-MIDDLE that require to intall proxy certificate on all browsers in order to let the proxy decrypt protocol