Block upload file to internet

yahav02 · Nov 25, 2016, 8:29 PM

Does anyone know how to block users to upload files to internet with squid + squid guard???
Thanks

javcasta · Nov 26, 2016, 10:10 AM

Hi.

For block download files by extension with SquidGuard.

https://doc.pfsense.org/index.php/SquidGuard_package#Block_download_by_Extension

For block upload files, I do not know how to, but in this link maybe help you to configure one acl or advanced option is squid:

How To Block File Uploads Using Squid ACL’s
http://nanlyx.blogspot.ie/2013/04/how-to-block-file-uploads-using-squid.html

Regards.

yahav02 · Nov 26, 2016, 10:24 AM

Thanks
Is it possible to configure it from GUI on pfsense?

javcasta · Nov 26, 2016, 2:26 PM

Hi.

The gui part: I suppose in the Services > Proxy Server: General Settings > General > (show advanced options) Advanced Features:
Custom ACLS (After Auth)

acl all src all
http_port 3128
access_log /var/log/squid/access.log squid

external_acl_type request_body %{Content-Length} /usr/bin/upload.sh
# 1MB max upload
acl noupload external request_body 1024000

http_access deny !noupload
http_access allow all

And create the file: /usr/bin/upload.sh with execute permissions (via shell: chmod +x /usr/bin/upload.sh )


#!/bin/sh
while read size limit; do
  if [ "${size}" -gt "${limit}" ]; then
    echo ERR
  else
    echo OK
  fi
done

But I have not tried this procedure in pfsense

Regards.

yahav02 · Nov 30, 2016, 8:04 PM

hi javcasta
this script work on https web site ?

thenks

javcasta · Dec 1, 2016, 7:02 PM

Hi.

@yahav02:

hi javcasta
this script work on https web site ?

thenks

It is not my script.
You must go to the source: How To Block File Uploads Using Squid ACL’s
http://nanlyx.blogspot.ie/2013/04/how-to-block-file-uploads-using-squid.html

Regards