Block .exe downloads

by mfdadmin1 » Wed May 30, 2018 6:31 am

Hi! I have the newest version of Artica proxy set up and everything works fine, except I cannot figure out how to block users from downloading .exe files.
This example does not work for me: http://artica-proxy.com/acls-block-down ... ly-header/
Did I miss something?
mfdadmin1
 
Posts: 10
Joined: Mon May 28, 2018 9:37 am
Artica servers number: 1
Linux System: Debian
Technical skills: A Linux System Administrator

Re: Block .exe downloads

by mfdadmin1 » Wed May 30, 2018 11:59 am

Also how do I define if a blocked/allowed port is UDP or TCP?

Re: Block .exe downloads

by mfdadmin1 » Wed May 30, 2018 12:37 pm

I tried with the web server filename replay - content: attachment; filename=.*?\.exe("|$)
and with file extension - content: \.exe$

Re: Block .exe downloads

by admin » Wed May 30, 2018 7:29 pm

Is the website on SSL?

On SSL, the proxy is not able to catch anything in the protocol.
admin
Site Admin
 
Posts: 11942
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Block .exe downloads

by mfdadmin1 » Thu May 31, 2018 5:25 am

Most of the internet is SSL now.
I understand that SSL encrypts the package and the proxy cannot see that the header contains .exe.
But the file I tried to download is https://download.mikrotik.com/routeros/ ... winbox.exe
This link should be blocked with a "File extension" rule, but I still can download the file.

The content of the "exe" proxy object is simply "exe" without dot. As in the example.

Re: Block .exe downloads

by admin » Thu May 31, 2018 10:00 pm

You are right, but the proxy did not show the full URI on the SSL protocol.
It makes a CONNECT to download.mikrotik.com and does not see the rest of the protocol.
In your case, the exe file cannot be caught.

Re: Block .exe downloads

by mfdadmin1 » Fri Jun 01, 2018 5:06 am

So I understand that I cannot block .exe in SSL unless the filename is in the URL?
But the "web server filename replay" and "file extension" filters should work on plain HTTP?

Maybe I could tell the antivirus that .exe is a bad extension so that it blocks it?

Re: Block .exe downloads

by admin » Sat Jun 02, 2018 7:44 am

No, the entire protocol is on SSL, so nothing can be caught; imagine that SSL is like a VPN.

Re: Block .exe downloads

by mfdadmin1 » Mon Jun 04, 2018 5:15 am

Yes, but what if the proxy is not used as a transparent proxy, but forced on users using GPO? Then it should be able to block .exe in HTTPS.

Re: Block .exe downloads

by admin » Mon Jun 04, 2018 7:10 am

No, the only way is to use MAN-IN-THE-MIDDLE, which requires installing the proxy certificate on all browsers in order to let the proxy decrypt the protocol.
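The behaviour discussed in this thread, as an added example (not part of the forum posts and not Artica's or Squid's own code): a small Python model of which fields a forward proxy can inspect for each kind of request, with the two patterns quoted in the thread applied to them. The host name, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns as quoted in the thread (file extension and Content-Disposition).
EXT_RE = re.compile(r"\.exe$", re.IGNORECASE)
DISPOSITION_RE = re.compile(r'attachment; filename=.*?\.exe("|$)', re.IGNORECASE)

def proxy_view(request_line, reply_headers=None):
    """Return what a forward proxy can inspect for one request it receives."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # Opaque TLS tunnel: only host:port is known; the URL path and the
        # server's reply headers travel inside the encrypted stream.
        return {"host": target.rsplit(":", 1)[0], "path": None, "disposition": None}
    url = urlsplit(target)
    disposition = (reply_headers or {}).get("Content-Disposition")
    return {"host": url.hostname, "path": url.path, "disposition": disposition}

def decide(request_line, reply_headers=None):
    """Apply both rules to the visible fields; return (verdict, reason)."""
    view = proxy_view(request_line, reply_headers)
    if view["path"] and EXT_RE.search(view["path"]):
        return "deny", "file extension"
    if view["disposition"] and DISPOSITION_RE.search(view["disposition"]):
        return "deny", "reply header"
    return "allow", "nothing visible matched"

# Constructed sample traffic (hypothetical host and paths).
SAMPLES = [
    ("plain HTTP, .exe in URL",
     "GET http://files.example.test/tools/setup.exe HTTP/1.1", None),
    ("plain HTTP, name only in reply header",
     "GET http://files.example.test/download?id=7 HTTP/1.1",
     {"Content-Disposition": 'attachment; filename="setup.exe"'}),
    ("HTTPS through the proxy, no decryption",
     "CONNECT files.example.test:443 HTTP/1.1", None),
    ("same HTTPS request after proxy-side decryption",
     "GET https://files.example.test/tools/setup.exe HTTP/1.1", None),
]

if __name__ == "__main__":
    for label, line, headers in SAMPLES:
        print(f"{label:48} -> {decide(line, headers)}")
```

The third sample is the case from the thread: an explicitly configured (non-transparent) proxy still receives only the CONNECT line for HTTPS, so neither rule has a path or reply header to match.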

