Can someone please guide how to block executable files, compressed archive files and files download by extensions.
checked block executable files and blocked compressed archive files TAB under URL filter-File Extension blocking, but not worked.
also tried entering extensions in Custom expression list - not worked.
Can someone guide me how to apply these settings.
just to have it mentioned: In case the .exe files are downloaded from a source supporting TLS (HTTPS
in this case), there is unfortunately no trivial way to detect or block them, as they are encrypted
For HTTP URLs, however, blocking .exe files should work.
Routers fundamentally do not “know” files, only packets. For filtering files, you need an application which can understand files, therefore a cache can help you to save data transfers if not needed, but also can choose what forward to client following instructions and directive.
Is this MITM? Yup. Can be “transparent” for the clients (no need to configure proxy on device), and is YOUR MITM, not other one.
Limit is with TLS and HSTS. With TLS the content of file is forbidden to access without breaking connection, with HSTS server and client are not allowed to “downgrade” part of the connection from TLS protocol with plain HTTP.
The interesting approach of peek and splice is to catch what client is asking as URL, and acting only if the content (file) is not what expected or if the URL is going into unwanted direction (content filtering). With TLS now cache is almost useless but who knows.
Let me add one more thing.
Proxy can limit not only domains, hosts, but even applications, so… app.company.co/email may be allowed and app.company.co/chat may be not. Not the same thing is possible with DNS content filtering.