in Linux, Security 158 Words

Block Flash content on Squid proxy

No more flash
No more flash

One of the trending topic I discuss regularly with my company IT department is the need to block Flash content on our navigation proxies.

As a Security people I have no doubt about, Flash must be blocked. Period.

Because I manage some Squid proxy I made this simple and effective configuration in squid.conf  file.

# Block FLASH VIDEO
acl byeflash rep_mime_type -i video/flv video/x-flv ^application/x-shockwave-flash video/f4m video/f4 ^application/.*flash.*
http_reply_access deny byeflash

I made an ACL (byeflash) that match against the mime type of the reply received from Squid proxy (see ACL documentation for more details on rep_mime_type). This is a regexp that look for some specific mime type related to Flash content to block it.

The acl is then applied to http_reply_access configuration directive (see documentation).

Restart squid and say goodbye to Flash!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w
Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.