Unable to block .exe files

Can someone please guide how to block executable files, compressed archive files and files download by extensions.
checked block executable files and blocked compressed archive files TAB under URL filter-File Extension blocking, but not worked.
also tried entering extensions in Custom expression list - not worked.
Can someone guide me how to apply these settings.

image

Hi @ipfpatil

Welcome to the IPFire Community. :smile:

Have you enabled the URL Filter on the Web Proxy page.

For more details on using the Web Proxy and URL Filter see the Wiki.

Web Proxy
URL Filter

yes url filter and web proxy enabled -

Hi @ipfpatil,

Okay.

The File extension blocking should just work by selecting it as you have done. Other people may have additional input on why that is not working for you.

Your Custom expression list needs to be modified as it is expecting a Regular Expression (Regex).

1 Like

The regular expression for blocking .exe, .xls and .doc should read

(*\.doc)|(*.xls)|(*.exe)

1 Like

Shouldn’t it be
(*\.doc)|(*\.xls)|(*\.exe)
or just
(\.doc)|(\.xls)|(\.exe)?

2 Likes

You are right! just forgot to check my post while struggling with the wiki syntax. :wink:

Tried all which you guys suggested but still blocking not working with extension.

Under URL filter settings selected block categories options also not working.

Please help.

Hi @ipfpatil,

Happy New Year. Let’s hope we can get you going with the URL Filter.

Very basic check question. Does the Web Proxy show up as running in the Status - Services menu page.

If yes, then that’s the end of my help.

If no, then did you press “save and restart” on the Web Proxy page when you first setup the page.

This is a very basic question but I thought it worth asking just in case.

Hi,

Happy New Year.

Yes, Web Proxy shows up as running in the status - services menu page.

Hi,

just to have it mentioned: In case the .exe files are downloaded from a source supporting TLS (HTTPS
in this case), there is unfortunately no trivial way to detect or block them, as they are encrypted
in transit.

For HTTP URLs, however, blocking .exe files should work.

Thanks, and best regards,
Peter Müller

1 Like

@pmueller am I too harsh if I say that IpFire development team, currently, don’t consider interesting or safe implement Peek and Splice approach for TLS filtering?
https://wiki.squid-cache.org/Features/SslPeekAndSplice

So squid man in the middles my connection.
Like the NSA and the German Government etc.

1 Like

Routers fundamentally do not “know” files, only packets. For filtering files, you need an application which can understand files, therefore a cache can help you to save data transfers if not needed, but also can choose what forward to client following instructions and directive.
Is this MITM? Yup. Can be “transparent” for the clients (no need to configure proxy on device), and is YOUR MITM, not other one.

Limit is with TLS and HSTS. With TLS the content of file is forbidden to access without breaking connection, with HSTS server and client are not allowed to “downgrade” part of the connection from TLS protocol with plain HTTP.
The interesting approach of peek and splice is to catch what client is asking as URL, and acting only if the content (file) is not what expected or if the URL is going into unwanted direction (content filtering). With TLS now cache is almost useless but who knows.

Let me add one more thing.
Proxy can limit not only domains, hosts, but even applications, so… app.company.co/email may be allowed and app.company.co/chat may be not. Not the same thing is possible with DNS content filtering.

1 Like