Monday, April 29, 2013

How To Block File Uploads Using Squid ACLs


This article explains how to block users from uploading files to a website such as Gmail or Hotmail using Squid and a simple shell script. Squid hands each request's Content-Length header to the script, and the script rejects anything above a configured limit. The key feature of this approach is that, because we’re using an ACL, we can apply the rule to groups of users and computers as we would any other ACL.

Install Squid:
apt-get install squid
Edit the Squid configuration file “/etc/squid/squid.conf” to look like the following:
acl all src all
http_port 3128
access_log /var/log/squid/access.log squid

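# Pass each request's Content-Length header to the helper script
external_acl_type request_body %{Content-Length} /usr/bin/upload.sh
# 1MB max upload (limit in bytes, handed to the script as its second field)
acl noupload external request_body 1024000

# Deny any request for which the script answers ERR
http_access deny !noupload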
http_access allow all
Now create your script file:
touch /usr/bin/upload.sh
chmod 755 /usr/bin/upload.sh
Add the following content to your new script file “/usr/bin/upload.sh”:
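#!/bin/sh
# Squid sends one line per lookup: "<Content-Length> <limit>".
# Reply OK to allow the request, ERR to deny it.
while read -r size limit; do
  if [ "${size}" = "-" ]; then
    # No Content-Length header (e.g. a GET): nothing is being uploaded
    echo OK
  elif [ "${size}" -gt "${limit}" ]; then
    echo ERR
  else
    echo OK
  fi
done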
Now start (restart) Squid:
/etc/init.d/squid start
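
A hardened variant of the helper above, as an added example that is not the article's script: it validates both fields before comparing them, so a malformed or oversized Content-Length is denied instead of reaching the numeric test. It assumes Squid sends "-" for an absent header; the names is_uint, check_upload and serve are made up for this example.

```shell
#!/bin/sh
# Added example: hardened variant of the article's helper, not the original script.
# Squid writes one "<Content-Length> <limit>" line per lookup and reads OK or ERR.

# is_uint VALUE: true only for 1-18 decimal digits, which fit 64-bit shell integers.
is_uint() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 18 ]
}

# check_upload SIZE LIMIT: print OK (request matches "noupload") or ERR (it does not).
check_upload() {
  # A bad limit is a squid.conf mistake: deny rather than silently allow everything.
  if ! is_uint "$2"; then echo ERR; return; fi
  # Assumption: Squid passes "-" when the request carries no Content-Length
  # header (GET, HEAD, ...). No body is declared, so the request is allowed.
  case "$1" in
    -|'') echo OK; return ;;
  esac
  # Any other value that is not a plain number fails closed.
  if ! is_uint "$1"; then echo ERR; return; fi
  if [ "$1" -gt "$2" ]; then echo ERR; else echo OK; fi
}

# serve: answer one verdict per input line, as Squid expects from a helper.
serve() {
  while read -r size limit rest; do
    check_upload "$size" "$limit"
  done
}

# Constructed sample lookups (not captured traffic). When installing this as
# /usr/bin/upload.sh, replace the here-document with a bare "serve" call.
serve <<'EOF'
512 1024000
2048000 1024000
- 1024000
12abc 1024000
99999999999999999999 1024000
EOF
```

Run as written, it prints OK, ERR, OK, ERR, ERR for the five sample lines.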
