Re: [squid-users] acl using Content-Length from Mikio Kishi on 2009-09-14 (squid-users)

From: Mikio Kishi <mkishi_at_104.net>
Date: Mon, 14 Sep 2009 22:44:36 +0900

Hi, Leonardo

> not directly that way ..... you'll have to use reply_body_max_size
> for that.
>
> you'll have to define your other ACLs and merge them with
> reply_body_max_size which takes the maximum site as argument.

I'd like to use it to control icap access.

For example,

> acl MAX100Mbyte rep_max_content_length 100M
> icap_service av respmod_precache 1 icap://127.0.0.1:1344/av/respmod
> icap_class respmod av
> icap_access respmod deny MAX100Mbyte
> icap_access respmod allow all

I can't apply "reply_body_max_size" to above....

Sincerely,

--
Mikio Kishi
On Mon, Sep 14, 2009 at 10:26 PM, Leonardo Rodrigues
<leolistas_at_solutti.com.br> wrote:
> Mikio Kishi escreveu:
>
>
>
> For example
>
> acl MAX100Mbyte rep_max_content_length 100M
>
>
>
> Is it possible ?
>
>
>     not directly that way ..... you'll have to use   reply_body_max_size
> for that.
>
>     you'll have to define your other ACLs and merge them with
> reply_body_max_size which takes the maximum site as argument.
>
>
>
> #  TAG: reply_body_max_size     bytes allow|deny acl acl...
> #       This option specifies the maximum size of a reply body in bytes.
> #       It can be used to prevent users from downloading very large files,
> #       such as MP3's and movies. When the reply headers are received,
> #       the reply_body_max_size lines are processed, and the first line with
> #       a result of "allow" is used as the maximum body size for this reply.
> #       This size is checked twice. First when we get the reply headers,
> #       we check the content-length value.  If the content length value
> exists
> #       and is larger than the allowed size, the request is denied and the
> #       user receives an error message that says "the request or reply
> #       is too large." If there is no content-length, and the reply
> #       size exceeds this limit, the client's connection is just closed
> #       and they will receive a partial reply.
> #
> #       WARNING: downstream caches probably can not detect a partial reply
> #       if there is no content-length header, so they will cache
> #       partial responses and give them out as hits.  You should NOT
> #       use this option if you have downstream caches.
> #
>
> --
>
>
> 	Atenciosamente / Sincerily,
> 	Leonardo Rodrigues
> 	Solutti Tecnologia
> 	http://www.solutti.com.br
>
> 	Minha armadilha de SPAM, NÃO mandem email
> 	gertrudes_at_solutti.com.br
> 	My SPAMTRAP, do not email it
>
>
>

Received on Mon Sep 14 2009 - 13:44:39 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 15 2009 - 12:00:02 MDT