Exe Filter

This simple filter blocks HTTP downloads of Windows executable files.

This filter may be used to prevent your children (or employees) from downloading potentially harmful executables. But even if you are the only user of your Foxy server, it may still make sense to enable this filter to prevent your browser from sneaky virus downloads due to security flaws exploited by malicious websites (e.g. see http://www.ciac.org/ciac/bulletins/m-027.shtml).

If you choose to enable this filter (disabled by default), don't forget to temporarily enable it before trying to download a legitimate executable.

Parameters

action

The action parameter defines method of access blocking.

Format:

action = disconnect
action = redirect:URL

• disconnect – Silently drop connection, so the user does not even know that access was blocked.
  
• redirect:URL – Redirect to URL.

See also Common Filter Parameters.

How It Works

• The filter inspects the requested URL. If it sees a plain path name (no query args) ending with “.exe” or “.bat”, it blocks the request immediately. This is the cheapest method, since in this case Foxy does not even have to connect to the target web server.
• File names may not be exposed in download URLs. This is why first few bytes of the response body are checked as well to determine whether the response contains Windows executable file signature or not. If it does, the download is aborted before anything is sent back to the browser.

Example

Configuration file fragment:

type = Exe Filter
name = Executable Download Blocker
enabled = true
logging = true
include = *
action = disconnect

Web UI equivalent: