1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Block file extension from download

Discussion in 'Tomato Firmware' started by eahm, Oct 15, 2013.

  1. eahm

    eahm LI Guru Member

    I need a way to block ANY file extension from being downloaded, employees of customers' companies don't listen, I need a way to block this from its source, from the router.

    .exe, .msi are preferrable but I would like to block any extension, even .zip etc.

    Is there a way?

    Thanks.
     
  2. kbenoit

    kbenoit Reformed Router Member

    You should look into squid. There's a package in optware. Another way would be to get packets in userspace with iptables and code a filter.
     
  3. Victek

    Victek Network Guru Member

    Use NGINX as a web proxy.. it's included in my version, code...

    Code:
    location ~* (|\.exe|\.js|\.zip|\.msi)$ {
        valid_referers blocked mydomain.com www.mydomain.com;
        if ($invalid_referer) {
            return 444;
        }
    }
     
  4. jerrm

    jerrm Network Guru Member

    The web module for iptables should be pretty effective. Create a gui rule to block activex/java/flash and use that as a template and add in whatever extensions you want. It should be something like (but create a gui rule to double check the syntax!):
    Code:
    iptables -I wanout -p tcp  --dport 80 -m web --path ".swf$ .jar$" -j REJECT  --reject-with tcp-reset
    You can then copy that rule and add in whatever extensions you want.

    Nothing is 100% though. This likely will not block files served up as response to a query string or anything ssl. A proxy solution also looking at mime types would be best. Neither will do any good if files are served via https/ssl.
     
    Last edited: Oct 16, 2013
  5. Almaz

    Almaz Serious Server Member

Share This Page