Content filter not working or me missunderstanding it?

I have web Proxy & Filter activated and in Filter / configuration / edit / black & whitelist there is a field blocked extensions with: exe, zip. So why I still can download exe files? For example I tried to download thunderbird.exe and it was allowed. How is it possible to deny the users to download different filetypes?

Also in email / filter the setting at the bottom under attachements / advanced, where I can add extensions to the predefined doc,odt - when I try to save, there is an error while executing nethserver-mail/filter/update.

Hi Elleni,

what configuration do you use? Tranparent with SSL?
Did you use cockpit or old server manager?

I found, that with cockpit the fileextension is not saved.
Can you please verify with
config show squidguard
The BlockedFileType property is not changed on my system when using cockit.
If yes, it is a bug.

Hello flatspin,

I use transparent - but not with ssl. Yes, I setup and configure system with cockpit.

config show squidguard does not return anything.

In Terminal it should return something like this:

config show squidguard

Please show output of
rpm -qa nethserver-squid*

It does now, dont know, I rebooted the server inbetween and was playing around, but now it shows

[root@hostname ~]# config show squidguard

Maybe a typo… Anyway.

rpm -qa nethserver-squid* nethserver-squidclamav-3.1.0-1.ns7.noarch nethserver-squid-1.10.5-1.ns7.noarch nethserver-squidguard-1.9.2-1.ns7.noarch

Just tested, I could still download thunderbird setup.exe And I still cannot successfully modify and safe extensions list in spamd filter settings.

By the whay how where can I change redirect url?

It’s here the same. I can download exe-files although they’re should be blocked. Maybe a limitation of filtering https.

To change the redirect url please have a look at:

Example of cgi-file:


Do you have “Block file extensions” enabled?


You find it in “Edit Filter” / 2nd “What” / “Advanced Options”

After having setup completely new installation, as I changed from internal ourdomain.local to external, I checked again.

I can add extensions to web proxy filter. Yes, block extensions is activated. I tried with the following two files and could still download them: and sqlexpress express download. For testing purpose I also added pdf to the extension list, and I could still access them.

Within mail proxy I still cannot safe the extension list when adding some extension like exe and or zip. Executing nethserver-mail/filter/update in terminal shows:
No such file or directory

I tried several time to configure it, but I wasn’t able to block such downloads too. :frowning_face:
I’ve to say, never tested it before. But I’m also out of ideas for the moment. :blush:

Has someone an idea what’s wrong @ support_team?

EDIT: Now I found the corresponding threat

It seems it’s a limitation of filtering https-trafic, as I assumed earlier.

Unencrypted HTTPS only shows the domain ( it doesn’t see any of the path or parameters.

Does that mean, that it is not possible to filter all those extensions at all, if they are downloaded from https?

Can someone please confirm? Do I understand correctly that filtering file extensions is not possible for https connection but only for unencrypted http, or is this a bug?


File extensions with https DO pose a problem in my experience.
Especially when we’re talking about proxy or filtering…

Our clients have NO problems saving files with .exe extensions, be it word.exe, thunderbird.exe or cryptoransom.exe…

My 2 cents