On Fri, 23 Apr 2004, Michael Gale wrote: > How can you block file uploads using squid ? Right now I have the following: > > ##### Blocking file uploads > acl fileupload req_mime_type -i ^multipart/form-data$ > http_access deny fileupload > > But am not sure if this is the best method ?
This will block form based file uploads, but will also some other forms using multipart/form-data. In additon PUT based file uploads is not blocked. If you want to block PUT based file uploads as well then deny the use of the PUT method. But in most cases it is sufficient to simply limit the request size. This will quite effectively stop file uploads of any valuable information, while allowing most forms to work normal, including uploads of trivial files. Regards Henrik
