[squid-users] reply_body_max_size && external_acl from Robert Gowty on 2012-06-07 (squid-users)

From: Robert Gowty <robert_at_getbusi.com>
Date: Fri, 8 Jun 2012 14:50:34 +1000

I am having problems getting an external acl to work with reply_body_max_size
The steps I have taken are as follows:
1. Define the external_acl_type response_size_check_ext_acl_type

# response_size_check_{pk}_acl pk
external_acl_type response_size_check_ext_acl_type ttl=100 negative_ttl=100 cache=0 children=2 concurrency=20 %EXT_TAG %EXT_LOG /usr/share/bin/ext_acl_payload_check -c 20 --key=response_size_restriction

2. Create a number of acl's using this type in squid.conf, for example, then applying it to reply_body_max_size

acl response_size_13_acl external response_size_check_ext_acl_type 13
http_reply_access allow response_size_13_acl !all
reply_body_max_size 13 MB response_size_13_acl !all

The '13' argument is to tell the external acl what the size restriction is going to be
the next line tests the acl, caching the result as external acl's are 'slow'
the final line, I am expecting to get the cached result and limit max_size to 13MB if 'response_size_13_acl' returns OK.

This is the log from the external acl, which suggests the acl is called and it returns OK

2012-06-08 14:23:18,785 advance.policy.management.commands.ext_acl_payload_check_at_ext_acl_payload_check [24441:177142764] INFO: KEY IS response_size_restriction
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check_at_ext_acl_payload_check [24441:177142764] INFO: addval ['13']
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check_at_ext_acl_payload_check [24441:177142764] INFO: VALUES - [13]
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check_at_ext_acl_payload_check [24441:177142764] INFO: Begining value checking loop
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check_at_ext_acl_payload_check [24441:177142764] INFO: Other Value type found - ie int
2012-06-08 14:23:18,787 advance.utils.management.base_at_base [24441:177142764] INFO: ext_acl_payload_check Response: '0 OK'

I have tried other 'slow' acl's using this method and it appears to work fine, for example

#TEST USER ACL
acl test_user proxy_auth "/usr/blocked/users_1.txt"
#testing fast/slow performance against cache for reply_body_max_size
http_reply_access allow test_user !all
reply_body_max_size 1 MB test_user

Any thoughts would be most welcome
Received on Fri Jun 08 2012 - 04:50:47 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 08 2012 - 12:00:02 MDT