[plug] Prevent downloads

James Devenish devenish at guild.uwa.edu.au
Thu May 8 08:14:46 WST 2003


In message <1052316042.30158.263.camel at jlmpc>
on Wed, May 07, 2003 at 10:00:42PM +0800, Jon Miller wrote:
> I know in the Novell Squid Proxy app you can set it to 0bytes to
> restrict downloading.

Aha! Can anyone explain that to me? In popular parlance there is a
perception that "downloading" is different from "web browsing" is
different from "file transfer", etc, because web browsers have a
"download manager" or "download progress" dialogue box for certain file
formats. But, of course, all HTTP content in your web browser has been
downloaded. Even HTML pages (the BROWSER makes a distinction between
those that are displayed inline / in cache and those which are written
to disk for viewing in external programmes). What is it that you can
impose a 0 byte limit on? Is it based on MIME types and trust in the
host web server to deliver truthful/correct MIME types?

> I think setting a limit of 200-300k is good

Unless these people need to view PDF files...or games disguised as PDF
files :)

> > > I was asked how the coordinator could prevent casual computer users (school
> > > kids and tourists) from downloading applications like games, Real Jukebox,
> > > etc, from the Internet .... and I can't think of a quick answer.

Is the concern about downloading them, or running them? If you can't
accurately prevent people from downloading them, or cannot do so without
unreasonably limiting authorised usage, you may need to focus on
preventing people from *running* applications other than those that come
installed on the machine. Although such things should be possible with
Windows, OpenBSD, Solaris, etc., I don't know about Linux. Perhaps
http://www.rsbac.org/? Perhaps the simplest method could be to put all
user-writeable areas (incl. /tmp, /var/tmp, /home, etc) into mount
points that don't have binary execution privileges. Can't prevent
downloading, but would prevent execution (albeit with possibly
unintuitive error messages?).




More information about the plug mailing list