Herman (ISTD) wrote:

> Currently, I am preventing my users for downloading some files e.g file
> with .bz2 extention.

> In squid.conf I define as following :
> acl BadUrl url_regex -i "/usr/local/squid/etc/data/BadUrlFile"

> Add I add this entry to /usr/local/squid/etc/data/BadUrlFile :
> \.bz2$

> But some of the users did some trick by adding ? or ?/ in the URL

> And they successful to bypass my ACL and download the files they wanted.

> I have try to add "\.bz2?$" and "\.bz2?/$" in to
> /usr/local/squid/etc/data/BadUrlFile file. But it does not work.

Like with the '.', you need to escape the '?' and '/' with a '\'.