Common mistake in squid.conf
Squid is an open-source web proxy cache. It is widely used in enterprise networks with heavy web traffic to reduce traffic load and sometimes to block access to prohibited web sites. If you use Squid only as a cache, there is no problem. But whenever you block outbound access with an access control list in Squid, you have to verify what you have done. For example, suppose you want to prevent end users from downloading viruses, worms, spyware, malware and other possibly unwanted files. As a result, you add the ACL below.
acl block-download urlpath_regex -i \.exe$ \.zip$ \.iso$ \.avi$ \.mpeg$ \.wma$ \.vbs$ \.com$ \.vbe$ \.sys$ \.diz$ \.pif$ \.bat$ \.scr$ \.cmd$ \.dat$
http_access deny block-download
The ACL above means that all URLs ending in .exe, .zip, .iso, .avi, .mpeg, .wma, .vbs, .com, .vbe, .sys, .diz, .pif, .bat, .scr, .cmd, and .dat are denied by this Squid configuration. It seems to work fine, but not in all cases. Imagine a web page containing a link such as the following.
http://www.major.com/?from=www.minor.com
You are unable to view the URL above because it has ".com" at the end. In my opinion, restricting access to some URLs to prevent malware is not necessary and does not cover all possibilities. For example, the URL may be in the form of .php, .pl, .cgi, or no extension, yet return content with MIME type application/octet-stream. In conclusion, every computer should have an anti-virus such as NOD32 installed.
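The two failure modes described above can be checked offline before an ACL goes live. This is an added example, not part of the original post: it assumes urlpath_regex is matched against the path plus query string (which is what the blocked link above implies), and the PATH_ONLY pattern and the example.com URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Extensions taken from the block-download ACL on this page.
EXTS = "exe zip iso avi mpeg wma vbs com vbe sys diz pif bat scr cmd dat".split()

# As written on the page: one case-insensitive pattern per extension,
# anchored at the very end of the string.
ORIGINAL = [re.compile(r"\." + ext + r"$", re.I) for ext in EXTS]

# Constructed alternative (an assumption, not from the page): the extension
# must end the path itself, before any "?query" part.
PATH_ONLY = [re.compile(r"^[^?]*\.(" + "|".join(EXTS) + r")(\?|$)", re.I)]


def urlpath(url):
    """Approximate what urlpath_regex sees: path and query, no scheme or host."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def denied(url, patterns):
    """True if any pattern of the ACL matches the URL path."""
    target = urlpath(url)
    return any(rx.search(target) for rx in patterns)


SAMPLES = [
    "http://www.major.com/?from=www.minor.com",  # from the page: false positive
    "http://example.com/files/setup.exe",        # constructed: intended block
    # Constructed: no listed extension, so no URL pattern can match it, even
    # if the response comes back as application/octet-stream.
    "http://example.com/download.php?id=42",
]


def report():
    """Return (url, denied by original ACL, denied by path-only ACL) rows."""
    return [(u, denied(u, ORIGINAL), denied(u, PATH_ONLY)) for u in SAMPLES]


if __name__ == "__main__":
    for url, orig, strict in report():
        print(f"{url:45} original={orig!s:5} path_only={strict}")
```

Anchoring on the path removes the false positive, but the last sample is missed by both pattern sets, which is the post's point that URL matching cannot cover content identified only by its MIME type.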
- sugree's blog