Re: [squid-users] reply body max size: crash or not? from Tianyin Xu on 2012-03-29 (squid-users)

From: Tianyin Xu <tixu_at_cs.ucsd.edu>
Date: Thu, 29 Mar 2012 11:02:11 -0700

Hi, Amos,

Thanks a lot for the response!!
The thing I'm still not clear is that it still works when I set the
limit to "1 bytes" which is obviously less than the size of any error
message. So, it means any small setting of this directive won't cause
infinite loop/crash results but only limit the response objects. Am I
right?

This brings the fundamental difference to me. If it may fall into an
infinite loop, the admin should be really cautious and conservative.
Otherwise, it doesn't matter too much (at most reject sth) and can be
set aggressively.

Thanks a lot!
T

On Thu, Mar 29, 2012 at 12:52 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 29/03/2012 6:21 p.m., Tianyin Xu wrote:
>>
>> Hi, all,
>>
>> I'm new to Squid proxy server, and I'm learning to do admin jobs
>> related to Squid.
>>
>> I have a question on the "reply_body_max_size" directive. From the
>> manual, I notice that:
>>
>> WARNING: A maximum size smaller than the size of squid's error message
>> will cause an infinite loop and crash squid. Ensure that the
>> smallest
>> non-zero value you use is greater that the maximum header size
>> plus
>> the size of your largest error page.
>>
>> To see the consequence of setting a too small configuration values, I set
>>
>> reply_body_max_size 1 bytes
>>
>> in the squid.conf, start squid, and then use my browser to access
>> webpage like Google and Facebook. But it seems that there's no
>> infinite loop or system crash. The system behavior is really correct
>> that reject all these access. So is this an already fixed problem (the
>> manual is out-of-date) so that I don't need to worry? Or it's still
>> possible to cause the crash?
>
>
> IIRC it has been fixed. But may still show up on some older versions. The
> worst cases were where the "error" is an authentication challenge and that
> being blocked causes some nasty behaviours.
>
> This is a limit on the response objects. Squid error pages are all just a
> few KB. So when setting a small limit which might affect them keep in mind
> all the web pages or scripts your users may need to load which are hundreds
> of KB.
>
> Amos
>

-- 
Tianyin XU,
http://cseweb.ucsd.edu/~tixu/

Received on Thu Mar 29 2012 - 18:02:18 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 12:00:04 MDT