Re: [squid-users] Re: TCP_DENIED_REPLY/403

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 30 Jul 2011 11:56:12 +1200

On 30/07/11 07:32, Andrei wrote:
> Ok. I got it fixed after reading the FAQ and changing the values to:
> request_header_max_size 15824 KB
> request_body_max_size 15824 KB
> reply_header_max_size 15824 KB
> reply_body_max_size 15824 KB
>
> Is there any way to set these max_sizes to unlimited?
>

The body limits are unlimited by default. Remove the *_body_max_size
lines from your config to be that way.

The header limits are your front line protection against several
_groups_ of very nasty security vulnerabilities, and against congestion
collapse within Squid. Making them unlimited is an extremely unwise idea.
  The default values are 64KB. And HTTP only uses 1-4KB. So already over
an order of magnitude larger than normal HTTP requires. And larger than
every known web server and browser permit. The default limits are
usually only hit when somebody attempts a DoS.

  I see from your config that you set them to 0. That means 0 bytes of
length is permitted, 1 byte is too large.
  Remove the *_header_max_size lines from your config to enable up to
64KB headers through.

Amos

>
> On Fri, Jul 29, 2011 at 12:06 PM, Andrei<funactivities_at_gmail.com> wrote:
>> I'm getting this error message:
>> http://yahoo.com/
>> The requested URL could not be retrieved
>> The request or reply is too large.
>> If you are making a POST or PUT request, then the item you are trying
>> to upload is too large.
>> If you are making a GET request, then the item you are trying to
>> download is too large.
>>
>> Squid access logs show:
>> 1311965841.744 0 176.16.0.161 TCP_DENIED_REPLY/403 3643 NONE
>> error:request-too-large - NONE/- text/html
>>
>> I assume that reply_header_max_size and request_header_max_size
>> are set by default to unlimited in v3m but adding manually
>> reply_header_max_size 40 M and request_header_max_size 40 M still
>> gives me the same error message.
>>
>> I'm running:
>> Squid Cache: Version 3.1.6
>> Debian stable 6.0.2.1
>> DualXeon 3GhZ, 250GB SCSI, 4GB RAM
>>
>> Config file:
>>
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>> acl localnet src 172.16.0.0/21 # RFC1918 possible internal network
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>> request_header_max_size 0
>> request_body_max_size 0
>> reply_header_max_size 0
>> reply_body_max_size 0
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access allow localhost
>> http_access allow localnet
>> http_access allow all
>> icp_access allow all
>> htcp_access allow all
>> http_port 3128 transparent
>> hierarchy_stoplist cgi-bin ?
>> cache_mem 1024 MB
>> cache_dir ufs /var/spool/squid3 40960 16 256
>> coredump_dir /var/spool/squid3
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 40% 40320
>> icp_port 0
>> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
>> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
>> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
>> refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
>> refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
>>

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
Received on Fri Jul 29 2011 - 23:56:18 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 30 2011 - 12:00:02 MDT
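The point Amos makes above (a header limit of 0 permits zero bytes, the 64 KB default is already far above the 1-4 KB real HTTP needs, and the fix is to delete the *_header_max_size lines) can be checked mechanically. The following is an added example, not code from the thread or from the Squid project: a small linter that reads the two header-size directives out of a squid.conf text, fills in the 64 KB default for any directive that is absent, and flags the three situations the thread touches on (0, below typical header size, above the default). Assumptions: the defaults are taken from Amos's reply, the size argument is parsed as "<number> [bytes|KB|MB|GB]" with a bare number treated as bytes (a simplification of Squid's own parser, so an unusual unit such as "40 M" is rejected rather than guessed), and the sample configs are constructed from the lines posted in the thread.

```python
"""Lint the Squid *_header_max_size directives discussed in the thread.

Added example, not code from the thread or the Squid project.
Assumptions (also stated in the lead-in):
  * an absent directive means the Squid 3.1 default of 64 KB
  * a size argument is '<number> [bytes|KB|MB|GB]'; a bare number is
    treated as bytes; any other unit is an error
"""
import re

# Built-in defaults when the directive is missing from squid.conf.
HEADER_DEFAULTS = {
    "request_header_max_size": 64 * 1024,
    "reply_header_max_size": 64 * 1024,
}
# Upper end of what a normal HTTP header block needs (1-4 KB, per the reply).
TYPICAL_HEADER_BYTES = 4 * 1024

UNIT_MULTIPLIERS = {"bytes": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}


def parse_size(arg: str) -> int:
    """Convert a size argument such as '64 KB' or '15824 KB' to bytes.

    Assumption: a bare number ('0') means bytes; an unknown unit is an
    error rather than a silent guess."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([A-Za-z]+)?\s*", arg)
    if not m:
        raise ValueError(f"unparseable size argument: {arg!r}")
    number, unit = m.group(1), (m.group(2) or "bytes").lower()
    if unit not in UNIT_MULTIPLIERS:
        raise ValueError(f"unknown size unit in {arg!r}")
    return int(float(number) * UNIT_MULTIPLIERS[unit])


def effective_header_limits(conf_text: str) -> dict:
    """Return {directive: bytes} for the two header limits, with the default
    filled in for any directive the config does not set.  Text after '#' is
    a comment; a later occurrence of a directive overrides an earlier one."""
    limits = dict(HEADER_DEFAULTS)
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2 and parts[0] in HEADER_DEFAULTS:
            limits[parts[0]] = parse_size(parts[1])
    return limits


def lint_header_limits(conf_text: str) -> list:
    """Flag the misconfigurations the thread touches on."""
    findings = []
    for directive, limit in effective_header_limits(conf_text).items():
        if limit == 0:
            findings.append(
                f"{directive} is 0: zero bytes permitted, so every request "
                "or reply is rejected (TCP_DENIED_REPLY/403 error:request-too-large)")
        elif limit < TYPICAL_HEADER_BYTES:
            findings.append(
                f"{directive} is {limit} bytes: below the 1-4 KB a normal "
                "HTTP header block needs, so legitimate traffic will be denied")
        elif limit > HEADER_DEFAULTS[directive]:
            findings.append(
                f"{directive} is {limit} bytes: above the 64 KB default; "
                "only oversized (DoS-style) headers benefit from this")
    return findings


def header_block_allowed(header_block: bytes, limit: int) -> bool:
    """The size check in miniature: the raw header block must fit in the
    limit.  With a limit of 0 even a one-byte header is too large."""
    return len(header_block) <= limit


# Constructed inputs: the relevant lines of the config posted in the thread,
# the same config with the *_header_max_size lines removed, and the FAQ values.
BROKEN_CONF = """\
acl localnet src 172.16.0.0/21 # RFC1918 possible internal network
request_header_max_size 0
request_body_max_size 0
reply_header_max_size 0
reply_body_max_size 0
http_port 3128 transparent
"""
FIXED_CONF = """\
acl localnet src 172.16.0.0/21 # RFC1918 possible internal network
http_port 3128 transparent
"""
FAQ_CONF = "request_header_max_size 15824 KB\nreply_header_max_size 15824 KB\n"

# Constructed request header block of the kind the thread's GET would carry.
SAMPLE_REQUEST_HEADERS = b"GET / HTTP/1.1\r\nHost: yahoo.com\r\n\r\n"

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF), ("faq", FAQ_CONF)):
        print(name, effective_header_limits(conf))
        for finding in lint_header_limits(conf):
            print("  -", finding)
```

Run against the posted config it reports both header limits as 0; against the config with those lines deleted it reports nothing, because the 64 KB default is in force; against the FAQ values (15824 KB) it warns that the limit now sits well above the default, which is the only case in which a header larger than any browser or web server produces gets through.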