Re: [squid-users] Identifying POSTs over https

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 20 May 2012 12:23:14 +1200

On 19/05/2012 3:19 a.m., Harry wrote:
> Hello,
>
> For a site like drive.google.com that allows you to upload files over HTTPS,
> I would like to be able to place an upper limit on the size of the files
> that can be uploaded.
>
> Using the HttpFox addon for Firefox, I can see that a whole bunch of GETs
> and POSTs get sent by the browser over HTTPS during the file upload process,
> with the actual file being sent by one of those POSTs.
>
> The problem is, my ACL based on method POST -- "acl post method POST" --
> fails to match any of these POSTs!
>
> I can control POST-based file uploads over *HTTP* just fine by using an
> external ACL that checks for the size with the help of an external shell
> script. I'd like to be able to do the same for POSTs over HTTPS also.
>
> (I'm using Squid 2.6.)
>
> Could someone please suggest a way?

Decrypt the SSL layer. That is the *only* way to know what is happening
inside the encryption.

Firefox can see what is inside the encryption because it is the software
adding the encryption around those things. SSL is designed specifically
to prevent other software from seeing them.

A better policy is to limit total bandwidth per client. If they choose
to upload/download large files they can suffer the consequences of the
bandwidth wastage. Other clients who choose small files can do many page
viewings without any problems. This also avoids the difficult problems
of identifying which requests are files, and which requests are streams,
etc, etc.

Amos
Received on Sun May 20 2012 - 00:23:18 MDT
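
An added illustration of the exchange above (not part of the original thread, and not Squid code): what a non-decrypting forward proxy can actually read for a plain-HTTP upload versus an HTTPS one. The request bytes, the host files.example.test and the function names are constructed for this example.

```python
# Constructed sample input: the first bytes a forward proxy receives from a client.
HTTP_UPLOAD = (b"POST http://files.example.test/upload HTTP/1.1\r\n"
               b"Host: files.example.test\r\n"
               b"Content-Length: 52428800\r\n\r\n")
# For HTTPS the client sends CONNECT, then TLS records. The bytes after the
# blank line are a placeholder for ciphertext that carries the real GETs/POSTs.
HTTPS_UPLOAD = (b"CONNECT drive.google.com:443 HTTP/1.1\r\n"
                b"Host: drive.google.com:443\r\n\r\n"
                + b"\x16\x03\x01" + b"\x00" * 64)

def proxy_view(stream: bytes) -> dict:
    """Return only what a proxy can read without decrypting the tunnel."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    view = {"method": method, "target": target,
            "body_size": None, "opaque_bytes": 0}
    if method == "CONNECT":
        # Tunnel: bytes can be counted, but inner methods and
        # Content-Length headers are inside the encryption.
        view["opaque_bytes"] = len(rest)
    elif "content-length" in headers:
        view["body_size"] = int(headers["content-length"])
    return view

def acl_method(view: dict, wanted: str) -> bool:
    """Equivalent of a method ACL such as 'acl post method POST'."""
    return view["method"] == wanted

def upload_allowed(view: dict, max_body: int) -> bool:
    """Size check of the kind the poster applies to plain-HTTP POSTs."""
    if not acl_method(view, "POST"):
        return True  # the rule never fires for CONNECT tunnels
    return view["body_size"] is not None and view["body_size"] <= max_body

if __name__ == "__main__":
    limit = 10 * 1024 * 1024  # constructed 10 MiB limit
    for name, raw in (("http", HTTP_UPLOAD), ("https", HTTPS_UPLOAD)):
        v = proxy_view(raw)
        print(name, v, "allowed:", upload_allowed(v, limit))
```

The HTTPS case passes the size rule because the only method the proxy sees is CONNECT; the byte count of the tunnel is the one quantity still available, which is why a per-client bandwidth limit remains enforceable.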
