I have web Proxy & Filter activated and in Filter / configuration / edit / black & whitelist there is a field blocked extensions with: exe, zip. So why I still can download exe files? For example I tried to download thunderbird.exe and it was allowed. How is it possible to deny the users to download different filetypes?
Also in email / filter the setting at the bottom under attachements / advanced, where I can add extensions to the predefined doc,odt - when I try to save, there is an error while executing nethserver-mail/filter/update.
what configuration do you use? Tranparent with SSL?
Did you use cockpit or old server manager?
I found, that with cockpit the fileextension is not saved.
Can you please verify with config show squidguard
The BlockedFileType property is not changed on my system when using cockit.
If yes, it is a bug.
Just tested, I could still download thunderbird setup.exe @thunderbird.net. And I still cannot successfully modify and safe extensions list in spamd filter settings.
After having setup completely new installation, as I changed from internal ourdomain.local to external ourdomain.work, I checked again.
I can add extensions to web proxy filter. Yes, block extensions is activated. I tried with the following two files and could still download them: Thunderbird.net and sqlexpress express download. For testing purpose I also added pdf to the extension list, and I could still access them.
Within mail proxy I still cannot safe the extension list when adding some extension like exe and or zip. Executing nethserver-mail/filter/update in terminal shows:
No such file or directory
I tried several time to configure it, but I wasn’t able to block such downloads too.
I’ve to say, never tested it before. But I’m also out of ideas for the moment.
Has someone an idea what’s wrong @ support_team?
EDIT: Now I found the corresponding threat
It seems it’s a limitation of filtering https-trafic, as I assumed earlier.
Can someone please confirm? Do I understand correctly that filtering file extensions is not possible for https connection but only for unencrypted http, or is this a bug?