[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] Squid File Upload Blocking
From:       Amos Jeffries <squid3 () treenet ! co ! nz>
Date:       2019-05-08 1:50:41
Message-ID: d2b39015-a2a6-ea07-cea4-60bcc7aeefac () treenet ! co ! nz
[Download RAW message or body]

On 8/05/19 11:03 am, Fabricio Ferreira wrote:
> Hello Lukas,
> 
> For sure Schroeffu is right. Without the SSL Interception (a.k.a. MITM –
> Man in the middle) squid can't filter any HTTPS request as it doesn't
> know what you have inside the SSL tunnel.
> 
>   

Also, in case the problem remains after SSL-Bump is done - the mime type
may not be set properly by the software doing the upload. Website upload
forms used to be particularly bad for that, but YMMV these days.

So you will want to set "debug_options 11,2" at the proxy for testing an
upload. The cache.log will then log a copy of the HTTP PUT/POST message
headers to see what mime types are actually happening and adjust your
blacklist appropriately.

HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[prev in list] [next in list] [prev in thread] [next in thread]