Re: [squid-users] About reply_body_max_size

On 06/06/11 06:24, Odhiambo WASHINGTON wrote:
> Reading squid.conf.documented for 3.1.9, I see this portion:
>
> TAG: reply_body_max_size size [acl acl...]
> # This option specifies the maximum size of a reply body. It can be
> # used to prevent users from downloading very large files, such as
> # MP3's and movies. When the reply headers are received, the
> # reply_body_max_size lines are processed, and the first line where
> # all (if any) listed ACLs are true is used as the maximum body size
> # for this reply.
> #
> # This size is checked twice. First when we get the reply headers,
> # we check the content-length value. If the content length value exists
> # and is larger than the allowed size, the request is denied and the
> # user receives an error message that says "the request or reply
> # is too large." If there is no content-length, and the reply
> # size exceeds this limit, the client's connection is just closed
> # and they will receive a partial reply.
> #
> # WARNING: downstream caches probably can not detect a partial reply
> # if there is no content-length header, so they will cache
> # partial responses and give them out as hits. You should NOT
> # use this option if you have downstream caches.
> #
> # WARNING: A maximum size smaller than the size of squid's error messages
> # will cause an infinite loop and crash squid. Ensure that the smallest
> # non-zero value you use is greater that the maximum header size plus
> # the size of your largest error page.
> #
> # If you set this parameter none (the default), there will be
> # no limit imposed.
> #
> # Configuration Format is:
> # reply_body_max_size SIZE UNITS [acl ...]
> # ie.
> # reply_body_max_size 10 MB
>
> Now, having the following line causes squid (3.1.9) to grok:
>
> reply_body_max_size 0 KB deny all
>
>
> squid -k parse gives this:
>
> 2011/06/05 21:03:05| aclParseAclList: ACL name 'KB' not found.
> FATAL: Bungled squid.conf line 60: reply_body_max_size 0 KB deny all
> Squid Cache (Version 3.1.9): Terminated abnormally.
> CPU Usage: 0.007 seconds = 0.007 user + 0.000 sys
> Maximum Resident Size: 4376 KB
> Page faults with physical i/o: 0
>
>
> Where is the problem?
>

There are two special cases for traffic size:

  "0". Meaning no body is permitted.
  "none". Meaning no limit applied or "unlimited" size.

Units are not relevant on these and Squid does not currently accept any.
You can still add ACLs after these special values to indicate _when_
they apply.

NP: the default is not to limit any replies.
     An implicit: "reply_body_max_size none all".

The word "deny" is also not relevant in reply_body_max_size.

Squid ACL lines have a general syntax "$directive $value $conditions".
The $value applies only when the $conditions are all matching.
  In the case of http_access the $value is permission or rejection
(allow/deny). In reply_body_max_size the $value is the limit being set.
So what you would be used to as allow/deny elsewhere is written "n KB" here.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.8 and 3.1.12.2