[squid-users] Re: Blocking big uploads

From: Joost de Heer <sanguis@dont-contact.us>
Date: Thu, 13 Oct 2005 21:23:38 +0200 (CEST)

> 1) does some situation exist where large HTTP outbound transfers are
> done without any Content-Length header? This would make it possible for
> users to work around my acl;

Chunked responses (Transfer-Encoding: chunked) don't contain Content-Length.

> 2) what happens with HTTPS? Is it subject to the same rules as HTTP, or
> would it pass unfiltered, as it uses the CONNECT method?

Since headers can't be read, it won't get blocked by a header acl.

> Is Squid able to block big FTP uploads, or FTP uploads in general?
> I couldn't find any way to do it, yet... Is there some safe way to block
> STOR commands?

Don't allow active FTP to the outside, only passive, and allow CONNECT
only to 443 (and possibly some other ports if you need to https to it).
Any FTP session trying to use your Squid box will try to use CONNECT to a
high port, which won't work. So you'll only have FTP-over-HTTP, and that
doesn't allow FTP puts.

> SMTP
> --------
> This is really not in topic with the list, but nevertheless, if anyone
> has any suggestions... I'm currently setting up Postfix to filter SMTP
> connections, I just need to configure authentication-based policies.

Most of that is quite well explained in the Postfix manual.

Joost
Received on Thu Oct 13 2005 - 13:23:41 MDT
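
The sketch below is an added example, not part of the original message and not Squid's code. It models the decision the reply describes: a size check sees only a declared Content-Length, a chunked body declares none, and a CONNECT tunnel can be judged only by its port. `MAX_UPLOAD`, the function names and the sample requests are assumptions constructed for illustration.

```python
# Added illustration: a model of the proxy-side decision, not Squid's code.
MAX_UPLOAD = 10 * 1024 * 1024      # assumed limit (10 MiB); not from the thread
ALLOWED_CONNECT_PORTS = {443}      # "allow CONNECT only to 443"

def _num(text):
    """Return text as a non-negative int, or None if it is not plain ASCII digits."""
    return int(text) if text.isascii() and text.isdigit() else None

def parse_head(raw):
    """Split a raw request head into (method, target, lower-cased header dict)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), target, headers

def decide(raw):
    """Apply the size limit and CONNECT port rule to one request head."""
    method, target, headers = parse_head(raw)
    if method == "CONNECT":
        # Tunnel: the inner headers are never seen, so only the port can be checked.
        port = _num(target.rpartition(":")[2])
        if port not in ALLOWED_CONNECT_PORTS:
            return "deny: CONNECT port not allowed"
        return "allow: opaque tunnel, size not checked"
    codings = [c.strip().lower() for c in headers.get("transfer-encoding", "").split(",")]
    if "chunked" in codings:
        # No Content-Length to compare against, so fail closed.
        return "deny: body length not declared"
    if "content-length" not in headers:
        return "allow: no body declared"
    length = _num(headers["content-length"])
    if length is None:
        return "deny: malformed Content-Length"
    return "deny: upload exceeds limit" if length > MAX_UPLOAD else "allow: within limit"

# Constructed sample requests (hostnames are placeholders).
SAMPLES = {
    "big_post": b"POST /up HTTP/1.1\r\nHost: files.example\r\nContent-Length: 52428800\r\n\r\n",
    "chunked_post": b"POST /up HTTP/1.1\r\nHost: files.example\r\nTransfer-Encoding: chunked\r\n\r\n",
    "https": b"CONNECT files.example:443 HTTP/1.1\r\nHost: files.example:443\r\n\r\n",
    "high_port": b"CONNECT ftp.example:50000 HTTP/1.1\r\nHost: ftp.example:50000\r\n\r\n",
    "small_post": b"POST /form HTTP/1.1\r\nHost: www.example\r\nContent-Length: 120\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} {decide(raw)}")
```

The `https` case is the residual gap: once a tunnel to an allowed port is up, upload size has to be limited by some other control than a header check.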
