Re: [squid-users] acl using Content-Length

From: Mikio Kishi <mkishi_at_104.net>
Date: Thu, 17 Sep 2009 21:31:41 +0900

Hi, Amos and Henrik

> The only problem will be objects without any Content-Length, of which there
> are still many.

In this case, I hope that "acl MAX100Mbyte" becomes "false".
What do you think ?

Sincerely,

--
Mikio Kishi
On Tue, Sep 15, 2009 at 8:55 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On Mon, 14 Sep 2009 22:44:36 +0900, Mikio Kishi <mkishi_at_104.net> wrote:
>> Hi, Leonardo
>>
>>> not directly that way ..... you'll have to use reply_body_max_size
>>> for that.
>>>
>>> you'll have to define your other ACLs and merge them with
>>> reply_body_max_size which takes the maximum site as argument.
>>
>> I'd like to use it to control icap access.
>
> ACL for Squid-3 are easily created.  If you are able to sponsor the work
> I'm sure we can get something done soon that uses Content-Length.
>
> The only problem will be objects without any Content-Length, of which there
> are still many. These will have to be covered by some 'other' setting.
>
> Amos
>
>>
>> For example,
>>
>>> acl MAX100Mbyte rep_max_content_length 100M
>>> icap_service av respmod_precache 1 icap://127.0.0.1:1344/av/respmod
>>> icap_class respmod av
>>> icap_access respmod deny MAX100Mbyte
>>> icap_access respmod allow all
>>
>> I can't apply "reply_body_max_size" to above....
>>
>> Sincerely,
>>
>> --
>> Mikio Kishi
>>
>>
>> On Mon, Sep 14, 2009 at 10:26 PM, Leonardo Rodrigues
>> <leolistas_at_solutti.com.br> wrote:
>>> Mikio Kishi escreveu:
>>>
>>>
>>>
>>> For example
>>>
>>> acl MAX100Mbyte rep_max_content_length 100M
>>>
>>>
>>>
>>> Is it possible ?
>>>
>>>
>>>     not directly that way ..... you'll have to use   reply_body_max_size
>>> for that.
>>>
>>>     you'll have to define your other ACLs and merge them with
>>> reply_body_max_size which takes the maximum site as argument.
>>>
>>>
>>>
>>> #  TAG: reply_body_max_size     bytes allow|deny acl acl...
>>> #       This option specifies the maximum size of a reply body in bytes.
>>> #       It can be used to prevent users from downloading very large
>>> files,
>>> #       such as MP3's and movies. When the reply headers are received,
>>> #       the reply_body_max_size lines are processed, and the first line
>>> with
>>> #       a result of "allow" is used as the maximum body size for this
>>> reply.
>>> #       This size is checked twice. First when we get the reply headers,
>>> #       we check the content-length value.  If the content length value
>>> exists
>>> #       and is larger than the allowed size, the request is denied and
>>> the
>>> #       user receives an error message that says "the request or reply
>>> #       is too large." If there is no content-length, and the reply
>>> #       size exceeds this limit, the client's connection is just closed
>>> #       and they will receive a partial reply.
>>> #
>>> #       WARNING: downstream caches probably can not detect a partial
>>> reply
>>> #       if there is no content-length header, so they will cache
>>> #       partial responses and give them out as hits.  You should NOT
>>> #       use this option if you have downstream caches.
>>> #
>>>
>>> --
>>>
>>>
>>>      Atenciosamente / Sincerily,
>>>      Leonardo Rodrigues
>>>      Solutti Tecnologia
>>>      http://www.solutti.com.br
>>>
>>>      Minha armadilha de SPAM, NÃO mandem email
>>>      gertrudes_at_solutti.com.br
>>>      My SPAMTRAP, do not email it
>>>
>>>
>>>
>
Received on Thu Sep 17 2009 - 12:31:44 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 17 2009 - 12:00:03 MDT