[squid-users] Re: Blocking big uploads

From: Marco De Vitis <starless@dont-contact.us>
Date: Thu, 13 Oct 2005 23:56:56 +0200

In article <4730.82.92.184.195.1129231418.squirrel@82.92.184.195>,
 "Joost de Heer" <sanguis@xs4all.nl> wrote:

> chunked responses (Transfer-encoding: chunked) don't contain Content-Length.

Thanks.
And is there a real possibility that this encoding is used for an upload?
I suppose it is used e.g. for streaming audio/video, but would it be
possible to use it for uploading, without deep network knowledge or
complex settings (like setting up a streaming server)?
Or, most of all, as far as you know, does some online service exist
which uses this for file uploads?

Maybe I could block it by adding a proper req_header acl...

> Don't allow active ftp to the outside, only passive, and allow CONNECT
> only to 443 (and possibly some other ports if you need to https to it).
> Any ftp session trying to use your squid box will try to use CONNECT to a
> high-port, which won't work. So you'll only have ftp-over-http, and that
> doesn't allow ftp puts.

Ok thanks I'll study this solution.

> > SMTP
> Most of that is quite well explained in the postfix manual.

Yes I know how to do it, I just hoped for some alternative solutions. ;)

-- 
Ciao,
  Marco.
Received on Thu Oct 13 2005 - 16:01:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:04 MST