AW: [squid-users] reply_body_max_size ACLs ignored? (solved) from Werner.Rost@dont-contact.us on 2003-11-12 (squid-users)

From: <Werner.Rost@dont-contact.us>
Date: Wed, 12 Nov 2003 17:10:15 +0100

And why does it not work für me???????????

Version 2.5.STABLE4

Squid.conf:

       acl user_rost ident rost
         <snip>
       reply_body_max_size 0 allow user_rost
       reply_body_max_size 2000000 allow all

Trying to download a file of about 100 MB gives I get the message
ERR_TOO_BIG.

access.log shows:

<snip>

1068652370.557 3282 10.23.5.121 TCP_MISS/304 421 GET
http://www.microsoft.com/products/shared/images/jump2.gif rost
FIRST_UP_PARENT/fu0270.zff.zf-group.de image/gif
1068652371.608 1050 10.23.5.121 TCP_DENIED/403 1840 GET
http://download.microsoft.com/download/win2000platform/SP/SP2/NT5/EN-US/W2KS
P2.exe rost FIRST_UP_PARENT/fu0270.zff.zf-group.de text/html

Mit freundlichem Gruß / regards

Werner Rost
GM-FIR - Netzwerk

ZF Boge Elastmetall GmbH
Friesdorfer Str. 175
53175 Bonn

Tel. +49 228 38 25 - 420
Fax +49 228 38 25 - 398
mailto:werner.rost@zf.com
www.zf.com/boge-elastmetall

> -----Ursprüngliche Nachricht-----
> Von: David Landgren [mailto:david@landgren.net]
> Gesendet: Mittwoch, 12. November 2003 14:51
> An: Henrik Nordstrom
> Cc: squid-users@squid-cache.org
> Betreff: Re: [squid-users] reply_body_max_size ACLs ignored? (solved)
>
>
> Henrik Nordstrom wrote:
> > On Tue, 4 Nov 2003, David Landgren wrote:
> >
> >
> >>reply_body_max_size 0 allow user_davidl user_tomn
> >
> >
> > This is a contradiction and can never be true. The same request can
> > not
> > come from both users at the same time.
> >
> > What you want is a single ACL listing all users in this category of
> > users,
> > and then refer to this single acl in reply_body_max_size.
> The logics of
> > reply_body_max_size is idendical to that of http_access:
> >
> > Squid FAQ 10.1 Access Controls Introduction
> > <url:http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.1>
>
> Just for the record, this was indeed the problem. I'm kicking
> myself for
> not having thought about ANDing ACLs. I've changed the above to
>
> reply_body_max_size 0 allow user_davidl
> reply_body_max_size 0 allow user_tomn
>
> and of course everything works correctly now. Thanks Henrik.
>
> David
> --
> Commercial OS breeds commerce, whereas free OS breeds
> freedom, the only thing more dangerous and confusing than commerce.
> -- Michael R. Jinks, redhat-list, circa 1997
>
Received on Wed Nov 12 2003 - 09:09:58 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:15 MST