RE: [squid-users] Blocking file uploads with HTTPS/SSL

From: Tracey, Michael <Michael.Tracey@dont-contact.us>
Date: Mon, 21 Mar 2005 15:44:10 -0500

>> I'm trying to block file uploads over a certain size with squid, and have
>> everything working, except where the user connects with HTTPS. Is there a
>> way to limit uploads based on size when it's encrypted ssl (443) traffic?

>Nope. The size is not known to Squid when the traffic is encrypted. All
>Squid sees is that there is some kind of bidirectional traffic between the
>browser and the requested server.

>At best an acl could be added to forcibly terminate connections after N
>amount of bytes have been sent in either direction, but there is no
>guarantee this won't incorrectly terminate connections when there are
>multiple requests sent over the same persistent SSL connection, and imho
>would generally do more bad than good.
>
>Regards
>Henrik

I'm still very interested in trying this. How would you write the ACL to
drop SSL traffic after N bytes? Since I'm trying to make sure that people
don't upload files in the 300+ MB range, I'm sure that I can tweak the
amount of traffic where it will not affect my normal users.

Another external acl?

Thanks again for all your help.

Michael
Received on Mon Mar 21 2005 - 13:45:19 MST
