Content filter not working or me misunderstanding it?

I have web Proxy & Filter activated and in Filter / configuration / edit / black & whitelist there is a field blocked extensions with: exe, zip. So why can I still download exe files? For example I tried to download thunderbird.exe and it was allowed. How is it possible to prevent the users from downloading different file types?

Also in email / filter the setting at the bottom under attachments / advanced, where I can add extensions to the predefined doc,odt - when I try to save, there is an error while executing nethserver-mail/filter/update.

Hi Elleni,

what configuration do you use? Transparent with SSL?
Did you use cockpit or old server manager?

I found that with cockpit the file extension is not saved.
Can you please verify with
config show squidguard
The BlockedFileType property is not changed on my system when using cockpit.
If yes, it is a bug.

Hello flatspin,

I use transparent - but not with ssl. Yes, I set up and configured the system with cockpit.

config show squidguard does not return anything.

In Terminal it should return something like this:

config show squidguard
squidguard=configuration
    BlockedFileTypes=exe
    CustomListURL=
    DomainBlacklist=youtu.be,youtube.com
    DomainWhitelist=windowsupdate.com,microsoft.com
    Expressions=disabled
    IdleChildren=5
    Lists=shalla
    MaxChildren=20
    RedirectUrl=
    RedirectUrlHTTPS=blocked.nethserver.org:443
    StartupChildren=5
    UrlBlacklist=
    UrlWhitelist=

Please show output of
rpm -qa nethserver-squid*

It does now, don't know, I rebooted the server in between and was playing around, but now it shows

[root@hostname ~]# config show squidguard
squidguard=configuration
    BlockedFileTypes=exe,zip
    CustomListURL=
    DomainBlacklist=translate.google
    DomainWhitelist=mydomain.local,ip
    Expressions=disabled
    IdleChildren=5
    Lists=toulouse
    MaxChildren=20
    RedirectUrl=
    RedirectUrlHTTPS=blocked.nethserver.org:443
    StartupChildren=5
    UrlBlacklist=
    UrlWhitelist=

Maybe a typo… Anyway.

rpm -qa nethserver-squid*
nethserver-squidclamav-3.1.0-1.ns7.noarch
nethserver-squid-1.10.5-1.ns7.noarch
nethserver-squidguard-1.9.2-1.ns7.noarch

Just tested, I could still download thunderbird setup.exe @thunderbird.net. And I still cannot successfully modify and save the extensions list in spamd filter settings.

By the way, how or where can I change the redirect url?

It’s the same here. I can download exe files although they should be blocked. Maybe a limitation of filtering https.

To change the redirect url please have a look at:


Example of cgi-file:

@Elleni

Do you have “Block file extensions” enabled?


You find it in “Edit Filter” / 2nd “What” / “Advanced Options”

After having set up a completely new installation, as I changed from internal ourdomain.local to external ourdomain.work, I checked again.

I can add extensions to web proxy filter. Yes, block extensions is activated. I tried with the following two files and could still download them: Thunderbird.net and sqlexpress express download. For testing purposes I also added pdf to the extension list, and I could still access them.

Within mail proxy I still cannot save the extension list when adding some extension like exe and/or zip. Executing nethserver-mail/filter/update in terminal shows:
No such file or directory

I tried several times to configure it, but I wasn’t able to block such downloads either. :frowning_face:
I’ve to say, never tested it before. But I’m also out of ideas for the moment. :blush:

Has someone an idea what’s wrong @ support_team?

EDIT: Now I found the corresponding thread

It seems it’s a limitation of filtering https traffic, as I assumed earlier.

Unencrypted HTTPS only shows the domain (www.google.com); it doesn’t see any of the path or parameters.

Does that mean that it is not possible to filter all those extensions at all, if they are downloaded from https?

Can someone please confirm? Do I understand correctly that filtering file extensions is not possible for https connection but only for unencrypted http, or is this a bug?

Hi

File extensions with https DO pose a problem in my experience.
Especially when we’re talking about proxy or filtering…

Our clients have NO problems saving files with .exe extensions, be it word.exe, thunderbird.exe or cryptoransom.exe…
:slight_smile:

My 2 cents
Andy
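
The limitation discussed in this thread, as an added example that is not part of any post or of NethServer's code: a simplified model of extension blocking applied to what a proxy that does not decrypt TLS can see. The request lines and host names are constructed, and the matching logic is an assumption, not squidGuard's actual rule.

```python
import posixpath
from urllib.parse import urlsplit

# Mirrors BlockedFileTypes=exe,zip from the config output in the thread.
BLOCKED = {"exe", "zip"}

def visible_url(request_line):
    """Return (host, path) as seen by a proxy that does not decrypt TLS.

    Plain HTTP: the request line carries the full URL, so the path is known.
    HTTPS: the proxy only gets "CONNECT host:port", so path is None.
    """
    method, target, _version = request_line.split()
    if method.upper() == "CONNECT":
        return target.rsplit(":", 1)[0], None
    parts = urlsplit(target)
    return parts.hostname, parts.path

def extension_verdict(request_line, blocked=BLOCKED):
    """'block' or 'allow' when a path is visible, 'no-path' when it is not."""
    _host, path = visible_url(request_line)
    if path is None:
        return "no-path"  # nothing for an extension rule to match against
    ext = posixpath.splitext(path)[1].lstrip(".").lower()
    return "block" if ext in blocked else "allow"

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET http://downloads.example.test/pub/Setup.EXE?lang=en HTTP/1.1",
    "GET http://downloads.example.test/index.html HTTP/1.1",
    "CONNECT downloads.example.test:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        host, path = visible_url(line)
        print(f"{extension_verdict(line):8} host={host} path={path}")
```

A "no-path" result is the case reported above: with HTTPS and no decryption, only domain-based lists such as DomainBlacklist have anything to match.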