This article explains how to block someone from uploading files to a website such as Gmail or Hotmail using Squid with a simple shell script. The key feature of this process is that because we’re using an ACL, we can apply this rule to groups of users and computers as we would any other ACL.

Install Squid:

apt-get install squid

Edit the squid configuration file “/etc/squid/squid.conf” to look like the following:

acl all src all
http_port 3128
access_log /var/log/squid/access.log squid

external_acl_type request_body %{Content-Length} /usr/bin/upload.sh
# 1MB max upload
acl noupload external request_body 1024000

http_access deny !noupload
http_access allow all

Now create your script file:

touch /usr/bin/upload.sh
chmod 755 /usr/bin/upload.sh

Add the following content to your new script file “/usr/bin/upload.sh”:

#!/bin/sh
while read size limit; do
  if [ "${size}" -gt "${limit}" ]; then
    echo ERR
  else
    echo OK
  fi
done

Now start (restart) Squid:

/etc/init.d/squid start

5 comments:

UnknownNovember 30, 2016 at 12:00 PM
hi
this script good for https site ?
ReplyDelete
Replies
UnknownNovember 30, 2016 at 12:09 PM
t
ReplyDelete
Replies
UnknownNovember 30, 2016 at 12:11 PM
l
ReplyDelete
Replies
UnknownApril 13, 2017 at 6:20 AM
if it's possible to allow gmail and reset all block.
if any one have possible on this kindly reply on this
ReplyDelete
Replies
AnonymousMarch 15, 2018 at 4:17 AM
how used this script in pfsense 2.4.2 ?
ReplyDelete
Replies

Add comment