Re: [squid-users] Filtering based on content size. from Supratik Goswami on 2011-04-28 (squid-users)

From: Supratik Goswami <supratik.goswami_at_webyog.com>
Date: Thu, 28 Apr 2011 19:08:17 +0530

@Amos

Thanks for the information.

There is one confusion still in my mind. How reply_body_max_size is
able detect it ?

In the Squid documentation it says:

"This size is checked twice. First when we get the reply headers,
we check the content-length value. If the content length value exists
and is larger than the allowed size, the request is denied and the
user receives an error message that says "the request or reply
is too large." If there is no content-length, and the reply
size exceeds this limit, the client's connection is just closed
and they will receive a partial reply."

So, I think if something similar to reply_body_max_size or any
workaround is present which uses reply_body_max_size directive
then the issue could be easily resolved.

Regards

Supratik

On Thu, Apr 28, 2011 at 6:25 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> On 28/04/11 17:56, Supratik Goswami wrote:
>>
>> @Amos
>>
>> Thanks for your reply.
>>
>> Currently I am using acl to filter file extension .exe, .iso, .zip and
>> using with tcp_outgoing_address
>> I am able to change the source IP and it is working fine with source
>> based routing.
>>
>> I want to filter by size (Ex. 15MB) which I am unable to do it using
>> ACL. On the other hand
>> reply_body_max_size does filtering based on size but I am not able to
>> use it as per my
>> requirement.
>>
>> Is it a limitation of Squid ?
>
> It is a limitation of this universe.
>
> In HTTP the size of a reply is at best-case mentioned in the headers. At which point the connection is already open and the request has already been sent out.
> Worst-case the size is not known until the very last byte has been received.
>
>
>>
>> Please let me know if there is any way to resolve this issue.
>
> There is none which always works. The file extension guessing is nearly close to as Squid can get. Beyond it you are doing things like manually measuring individual sites and adding particular domains to the outgoing address selection. Tedious never ending work.
>
> My advice is to go for load balancing at the operating system level. Load balancing works much simpler down there and you can do things like NAT the outgoing address of new connections based on the proportion of traffic each NIC has received so far (bumpy in the short term, but averages out over many connections).
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.12
> Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Thu Apr 28 2011 - 13:38:47 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 28 2011 - 12:00:03 MDT