Post Reply 
Blocking downloads in medium business enviro
Mar. 18, 2005, 10:08 PM
Post: #1
 
Hello... I am using Proximotron 4.5 as a coporate Proxy specifically for the purpose of pre-scanning URLs for buffer overflows and things using Kye-U's security pack.

Our company only allows executable file types to be downloaded from the 3 admin machines. So I am TRYING to use Proxomitron to distinguish between allowed "inline" filetypes such as .PDF and disallowed downloads such as .EXE or .ZIP.

I'm currently doing this with the adlist blockfile just by adding *.exe and *.zip etc to the list. It is working, but you guessed it. I'm getting quite a few false positives this way.

Example: *.reg is successfully blocking .reg file downloads but is incorrectly stopping browsing to a.registrar.b.com for example.

How can I get this working better? In other words make .reg match but not .regi or .rego or is there a COMPLETELY different method for doing this which will get me better results?
Add Thank You Quote this message in a reply
Mar. 19, 2005, 06:17 AM
Post: #2
 
Instead of just *.reg, you could try *.reg[^a-z0-9]. This would match "something.reg", but not "something.registrar", or "something.reg39".
Add Thank You Quote this message in a reply
Mar. 22, 2005, 07:14 PM
Post: #3
 
Thanks Siamesecat, but it doesn't seem to be working.

Just as a test, if I create a web page filter.. go in an create the same rule there, it checks out as not working.

Here is a similar scenario.. but kind of as a funny prank that worked great, if not completely.
As a prank on some of our users here, I created a rule to replace UNC or North Carolina with Duke, and Duke with UNC. It worked great but people finally caught on to the prank because NC State was showing up as Duke State.

I tried correcting the error the same way... but could find no way to make a rule that emulates this plain english statement:
The string "North Carolina" followed by any string OTHER than "State" should be changed to the string "Duke".

I did have fun with it.. but I guess I just need some help and tutoring creating more complex rules.

***Edit: <Blush> I edited this post 4 times before I realize my own prank was fooling with me. hehehe
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: