Re: [squid-users] problem with reply_body_max_size and external ACL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 14 Nov 2008 02:05:09 +1300

Razvan Grigore wrote:
> Hello,
>
> I recently updated to squid3.0/STABLE10 and I'm trying to configure a
> working solution integrated with MS Active directory.
>
> Group checking is working fine, but reply_body_max_size is not working
> with my external acl helper.
>
> here's the relevant config part:
>
> external_acl_type ad_group children=3 ttl=120 %LOGIN
> /usr/lib/squid/wbinfo_group.pl
>
> acl limitadownload external ad_group o-ro-cod-internet-limitadownload
>
> acl intranet src 10.61.0.0/16
>
> if i try:
>
> reply_body_max_size 15 MB intranet
> reply_body_max_size 500 KB all
>
> It works as expected.
>
> however, if i try:
>
> reply_body_max_size 15 MB limitadownload all (even without all)
> reply_body_max_size 500 KB all
>
> it's not working at all, it gives me 500 kb limit.
>
> I should mention that wbinfo_group.pl is giving me OK in command promt
> when checking the group membership.
>
> What should I do?

Report the bug.

Based on this and a few other occurrences I'm beginning to suspect that
credential re-checks are missing on all reply controls.
After all, who would guess that users who authenticated to make a
request would have to re-authenticate to get the reply?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid 3.1.0.2
Received on Thu Nov 13 2008 - 13:05:16 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 18 2008 - 12:00:03 MST