Re: [squid-users] Blocking upload sites

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 15 May 2001 00:01:08 +1000

You can block POST requests via acl's. Be warned that doing that _does
not_ prevent information leakage. It will stop only the simplest form of
information export.

Be warned though: doing that does not make you "secure". Depending on
the level of security your information requires you may also need to
bloc:
all web requests (http tunneling tools can create a backchannel via
cookie, request strings, you name it - if a web request is allowed to a
untrusted site there is potential for leakage).
all email. (encrypted or stenagrophed files will bypass email filters).
All direct network traffic. (prevent SSH).
All indirect network traffic. (prevent backchannels). (this includes dns
lookups from client workstations).

In other words, _everytrhing_. The mechanisms of the web are designed to
promote information exchange between machines. The simplest and only
effective way to prevent such exchange is unplug the machines/subnetwork
from the internet.

Rob

----- Original Message -----
From: "Fabio G. Baptista" <FBaptista@uniway.com.br>
To: "'Squid Mailing List'" <squid-users@squid-cache.org>
Sent: Monday, May 14, 2001 11:48 PM
Subject: [squid-users] Blocking upload sites

> Hi,
>
> Is there any way on Squid to block uploads sites. I want to prevent
the
> employers on my company to upload important informations to these
sites and
> rescue them in their houses.
>
> Thanks,
>
> Fabio G. Baptista
> fbaptista@uniway.com.br
>
>
>
Received on Mon May 14 2001 - 08:02:58 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:59 MST