Re: [squid-users] Blocking file uploads with HTTPS/SSL

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 21 Mar 2005 21:29:01 +0100 (CET)

On Mon, 21 Mar 2005, Tracey, Michael wrote:

> I'm trying to block file uploads over a certain size with squid, and have
> everything working, except where the user connects with HTTPS. Is there a
> way to limit uploads based on size when it's encrypted ssl (443) traffic?

Nope. The size is not known to Squid when the traffic is encrypted. All
Squid sees is that there is some kind of bidirectional traffic between the
browser and the requested server.

At best an acl could be added to forcibly terminate connections after N
amount of bytes have been sent in either direction, but there is no
guarantee this won't incorrectly terminate connections when there are
multiple requests sent over the same persistent SSL connection, and imho
would generally do more bad than good.

Regards
Henrik
Received on Mon Mar 21 2005 - 13:29:03 MST
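
The trade-off described in the reply, as an added example that is not part of the original message and is not Squid code: a small model of the two byte counters a proxy can keep on an encrypted tunnel, run over constructed traffic. The `Exchange` type, the `tunnel_with_cap` function, the 5 MiB cap and all sizes are assumptions made for illustration.

```python
# Added example: models what a forward proxy can observe on an encrypted tunnel.
# All sizes and the cap are constructed values, not Squid settings.
from dataclasses import dataclass

@dataclass
class Exchange:
    """One HTTPS request/response pair as the endpoints see it (the proxy never does)."""
    label: str
    up: int    # bytes client -> server (request headers + body)
    down: int  # bytes server -> client (response)

def tunnel_with_cap(exchanges, cap):
    """Relay exchanges through one tunnel; cut it once either direction exceeds cap.

    The proxy keeps only two running counters per tunnel, because request
    boundaries are hidden inside the encryption. Returns a tuple of
    (label of the exchange that was cut, or None; number of exchanges completed).
    """
    sent = received = 0
    for done, ex in enumerate(exchanges):
        sent += ex.up
        received += ex.down
        if sent > cap or received > cap:
            return ex.label, done
    return None, len(exchanges)

CAP = 5 * 1024 * 1024  # hypothetical 5 MiB per-tunnel limit

# Constructed traffic: the case the limit is meant to stop.
big_upload = [Exchange("POST /upload (8 MiB file)", 8 * 1024 * 1024, 500)]

# Constructed traffic: one persistent connection reused for many small posts.
webmail = [Exchange(f"POST /save #{i}", 30 * 1024, 2 * 1024) for i in range(300)]

# Constructed traffic: tiny requests, cap reached by the download direction.
browsing = [Exchange(f"GET /page #{i}", 600, 200 * 1024) for i in range(40)]

if __name__ == "__main__":
    for name, traffic in [("big upload", big_upload),
                          ("webmail", webmail),
                          ("browsing", browsing)]:
        cut_at, completed = tunnel_with_cap(traffic, CAP)
        print(f"{name:11s} cut at {cut_at!r} after {completed} completed exchanges")
```

The large upload is cut, but so are the persistent connections whose individual requests are all far below the limit, which is the false-positive case the reply warns about.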
