Intercepting downloads with IPFire

I’m new to this vibrant community and I’m excited to be here!
I’m reaching out to all of you wonderful folks because I’m eager to learn more about configuring an IPFire server to intercept downloads. I’ve been exploring this topic recently. This endeavor is part of my college project, and I must admit, I’ve been intrigued by the concept ever since my professor introduced me to IPFire. I wonder if IPFire could intercept downloaded files, say JPG or PDF files, that are being downloaded by a user in the network.
Whether you have tips, resources, or personal experiences to share, I would greatly appreciate any guidance you can offer. Your insights could make a significant difference in my learning journey.
Thank you all in advance for your help and support!

Hi and welcome,

I am not an expert, but from my point of view IPFire does not give you the possibility to select different file formats to prevent a download. This would require other programs.
But I also have the question, why should you even try to intercept the download of PDF or JPG files if they are available or offered?

1 Like

I think it is found here.

I have not enabled the Proxy myself.
So this is about the extent of my help here.
The IPFire docs should be your first source of information.
Good luck.

1 Like

With the squid Proxy, I have never noticed this little sentence there down under :smiley:

1 Like

A key thing to understand is that the Web Proxy is only able to filter traffic that is being accessed from http websites.

https websites cannot be filtered, as the traffic is encrypted and the decryption occurs at the user’s browser and the web site, so in the web proxy the traffic is just unintelligible characters.
The only filtering that can be done with https sites is at the top level domain, as that is not encrypted, otherwise you wouldn’t know where to send the traffic. However, that filtering is better done via the IP Address Block List option in IPFire, I think.

This is why for most situations the web proxy is becoming less relevant as the majority of traffic is now from https sites.

3 Likes

@bonnietwin If I may ask, Adolf, are you then saying in effect that the Web Proxy is no longer even necessary, should I not even bother to enable it? (I do have it enabled currently)

Currently content filtering is done more with DNS classification rather than use of squid/proxy server.
Squid introduced SslPeekAndSplice as a way to keep monitoring http traffic while allowing correct use of https.

Still available in Squid5.
However, not everyone considers this feature that useful or “a good option”. Without proxy, there’s no actual control of what’s been downloaded via http/https.

You can use the url filter or it may be useful to restrict the Internet with user password settings or in the available ports.
If there are a large number of users, it makes sense to log the history. So I don’t think the squid proxy is all that superfluous, I still use it.

1 Like

@mumpitz Thank you for your reply, however, currently, IPFire is only being used at home, with only me as a user, so there are not a large number of users at all. I am testing IPFire for suitability at a client that has a call centre, that is where the Web Proxy will come in handy.

My understanding is this feature is not available in IPFire.
It is basically a man-in-the-middle attack on yourself.

I have the same understanding too. IMVHO a very unfortunate decision.

Proxy servers basically are MITM, they’re designed to work that way, more or less like a mailserver which stores the data to be provided when requested (but with different goals… whatever… they are not that different).
The “attack” part IMVHO is… misleading to say the least for Peek and splice. The proxy will know the destination URL (as any proxy server does) but won’t intercept the content. For PeekAndSplice to work (as far as I know), the proxy certificate does not need to be installed as a CA/reliable source, while any web-and-mail-inspecting client antivirus does need that… and acts as MITM between the internet and your software to be aware of what kind of data you are going to write to your RAM or storage.

Respectfully, I disagree with the “unfortunate decision” characterization.

I don’t want ANY upstream inspection of my connections, even if only to determine with whom I interact.

MY activities are MY business.

And I respectfully disagree with your disagreement :slight_smile:

A proxy server is a function that the firewall sysadmin or network admin can enable and configure for use in the network, to define the connections of the clients and survey them. I would like to emphasize again: can.
Not allowing the peek and splice approach, IPFire currently can’t log https traffic in any way, only DNS queries, and eventually the compliance or not of the firewall rules with the decision taken according to the rules. Only HTTP, unless…

Note - For the URL filter to work with https, the Advanced Web Proxy must be in Conventional Mode (non-transparent mode). If the Advanced Web Proxy is set up in Transparent Mode, then URL filtering will not take place with https traffic.

In any case, @redneckmother, your ISP, to be allowed to do ISP business, will keep logs of traffic of any kind; it is a legal requirement. If you’re gonna say “I use VPN services”, you create two log sets. One at the ISP, another at the VPN provider.

Internet traffic coming from any of the hosts is considered the responsibility of the subscriber, who might or might not be willing to provide themselves with some… evidence that “yes, it was coming from my paid ISP service, however it was not done or allowed by any means by me”.
If you pay for the ISP and the firewall, maybe you will not enable it. However, if it’s a business-related connection and other people are working there, maybe some logs about traffic might be requested.

1 Like
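
To make the HTTP versus HTTPS distinction discussed in this thread concrete, here is an added example (not written by any poster, and not IPFire or Squid code) showing what a non-decrypting proxy can read from the first bytes of a connection: a plain HTTP request sent to a conventional proxy, a CONNECT request for HTTPS, and a raw TLS ClientHello. All function names and sample inputs are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

def sni_from_client_hello(data):
    """Server name from a TLS ClientHello, or None if absent or truncated."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:   # TLS handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                        # record hdr, handshake hdr, version, random
        p += 1 + data[p]                          # session id
        p += 2 + struct.unpack_from("!H", data, p)[0]   # cipher suites
        p += 1 + data[p]                          # compression methods
        end = p + 2 + struct.unpack_from("!H", data, p)[0]
        p += 2
        while p + 4 <= end:                       # walk the extensions
            etype, elen = struct.unpack_from("!HH", data, p)
            p += 4
            if etype == 0:                        # server_name extension
                nlen = struct.unpack_from("!H", data, p + 3)[0]
                name = data[p + 5:p + 5 + nlen]
                return name.decode("ascii") if len(name) == nlen else None
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def proxy_view(first_bytes):
    """What a non-decrypting proxy can read from a client's first bytes."""
    if first_bytes[:1] == b"\x16":                # raw TLS passing through
        return {"kind": "tls", "host": sni_from_client_hello(first_bytes), "path": None}
    method, target, _ = first_bytes.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if method == "CONNECT":                       # HTTPS via a configured proxy
        return {"kind": "connect", "host": target.rsplit(":", 1)[0], "path": None}
    url = urlsplit(target)                        # plain HTTP, absolute-form request
    return {"kind": "http", "host": url.hostname, "path": url.path}

def file_type_visible(view, exts=(".jpg", ".pdf")):  # True only if a path is readable
    return bool(view["path"]) and view["path"].lower().endswith(exts)

def build_client_hello(host):  # constructed minimal sample: ClientHello with only SNI
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE_HTTP = b"GET http://example.com/docs/report.pdf HTTP/1.1\r\n\r\n"  # constructed
SAMPLE_CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\n\r\n"              # constructed
SAMPLE_TLS = build_client_hello("example.com")                             # constructed
```

Only the plain HTTP sample exposes a path, so only there can a rule match on a file extension; for the CONNECT and TLS samples the host name is all that is readable.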