Re: AW: [squid-users] reply_body_max_size ACLs ignored? (solved)

Have you made sure the ident lookup have completed?

Regards
Henrik

On Wed, 12 Nov 2003 Werner.Rost@zf.com wrote:

> And why does it not work für me???????????
>
> Version 2.5.STABLE4
>
> Squid.conf:
>
> acl user_rost ident rost
> <snip>
> reply_body_max_size 0 allow user_rost
> reply_body_max_size 2000000 allow all
>
> Trying to download a file of about 100 MB gives I get the message
> ERR_TOO_BIG.
>
> access.log shows:
>
> <snip>
>
> 1068652370.557 3282 10.23.5.121 TCP_MISS/304 421 GET
> http://www.microsoft.com/products/shared/images/jump2.gif rost
> FIRST_UP_PARENT/fu0270.zff.zf-group.de image/gif
> 1068652371.608 1050 10.23.5.121 TCP_DENIED/403 1840 GET
> http://download.microsoft.com/download/win2000platform/SP/SP2/NT5/EN-US/W2KS
> P2.exe rost FIRST_UP_PARENT/fu0270.zff.zf-group.de text/html
>
>
>
>
> Mit freundlichem Gruß / regards
>
> Werner Rost
> GM-FIR - Netzwerk
>
> ZF Boge Elastmetall GmbH
> Friesdorfer Str. 175
> 53175 Bonn
>
> Tel. +49 228 38 25 - 420
> Fax +49 228 38 25 - 398
> mailto:werner.rost@zf.com
> www.zf.com/boge-elastmetall
>
>
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: David Landgren [mailto:david@landgren.net]
> > Gesendet: Mittwoch, 12. November 2003 14:51
> > An: Henrik Nordstrom
> > Cc: squid-users@squid-cache.org
> > Betreff: Re: [squid-users] reply_body_max_size ACLs ignored? (solved)
> >
> >
> > Henrik Nordstrom wrote:
> > > On Tue, 4 Nov 2003, David Landgren wrote:
> > >
> > >
> > >>reply_body_max_size 0 allow user_davidl user_tomn
> > >
> > >
> > > This is a contradiction and can never be true. The same request can
> > > not
> > > come from both users at the same time.
> > >
> > > What you want is a single ACL listing all users in this category of
> > > users,
> > > and then refer to this single acl in reply_body_max_size.
> > The logics of
> > > reply_body_max_size is idendical to that of http_access:
> > >
> > > Squid FAQ 10.1 Access Controls Introduction
> > > <url:http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.1>
> >
> > Just for the record, this was indeed the problem. I'm kicking
> > myself for
> > not having thought about ANDing ACLs. I've changed the above to
> >
> > reply_body_max_size 0 allow user_davidl
> > reply_body_max_size 0 allow user_tomn
> >
> > and of course everything works correctly now. Thanks Henrik.
> >
> > David
> > --
> > Commercial OS breeds commerce, whereas free OS breeds
> > freedom, the only thing more dangerous and confusing than commerce.
> > -- Michael R. Jinks, redhat-list, circa 1997
> >
>
Received on Wed Nov 12 2003 - 15:02:08 MST