[squid-users] Squid File Upload Blocking
Fabricio Ferreira
guzzy at bol.com.br
Tue May 7 23:03:24 UTC 2019
Hello Lukas,
For sure Schroeffu is right. Without the SSL Interception (a.k.a. MITM – Man in the middle) squid can’t filter any HTTPS request as it doesn’t know what you have inside the SSL tunnel.
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of info at schroeffu.ch
Sent: Tuesday, May 7, 2019 7:46 PM
To: Lukas Yčas <lukasycas at gmail.com>; squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid File Upload Blocking
Hi Lukas
for my understanding you have to decrypt the SSL connection with SSL bump, otherwise Squid is unable to read what mime type is going through the ssl tunneled connection.
lot regards
schroeffu
7. Mai 2019 22:41, "Lukas Yčas" <lukasycas at gmail.com <mailto:lukasycas at gmail.com?to=%22Lukas%20Y%C4%8Das%22%20%3clukasycas at gmail.com%3e> > schrieb:
Hello,
I am currently attempting to block File Upload with squid -
squid.conf:
acl filesblock2 req_mime_type "/usr/local/squid/etc/blocked_up_extensions.acl"
http_access deny filesblock2
blocked_up_extensions.acl:
application/msword
application/vnd.openxmlformats-officedocument.wordprocessingml.document
With these settings applied I'm still able to upload .doc / .docx files for example via this website:
https://uploadfiles.io/
Am I missing something? How can I make it work?
P.S. I somehow do not receive replies via this mailing list, I can only read the daily digest, if you could add my email to CC while replying I would be very glad.
Regards,
Lukas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190507/847f684a/attachment.html>
More information about the squid-users
mailing list