Re: [squid-users] reply_body_max_size && external_acl

Hi Amos,

Thanks for that, but alas, still no luck. Using the proxy_auth example
I included in the post gives us enough of the functionality we need
for the moment so we are going to go with that. When time permits we
will return to this issue and post more detail as it comes to light.

Thanks again.

Cheers
Rob

On 12 June 2012 16:49, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> On 12/06/2012 4:15 p.m., Robert Gowty wrote:
>>
>> Hi Amos, I have been trying the reply_body_max_size without the !all as
>> you
>>  suggest, however I get the same outcome - download sizes aren't being
>> restricted. We have used this schema with other directives such as
>> delay_pools with out any problems so we are fairly sure the external
>> acl's are doing everything they should be doing. As I mentioned
>> reply_body_max_size works as expected with other types of acl's such
>> as the proxy_auth example, is does seem the reply_body_max_size and
>> external acl's have a problem working together....any thoughts?
>
>
> I just clicked .... the extern ACL parameter " cache=0 " means you are not
> storing the external ACL results for later use by other access tests.
> There is no way reply_body_max_size can re-run the helper lookup, so no
> match. Remove that parameter and your TTL values will start to work.
>
> Amos
>
>>
>> cheers
>> Rob
>>
>>
>> On 8 June 2012 17:41, Amos Jeffries wrote:
>>>
>>> On 8/06/2012 4:50 p.m., Robert Gowty wrote:
>>>>
>>>> I am having problems getting an external acl to work with
>>>> reply_body_max_size
>>>> The steps I have taken are as follows:
>>>> 1. Define the external_acl_type response_size_check_ext_acl_type
>>>>
>>>> # response_size_check_{pk}_acl pk
>>>> external_acl_type response_size_check_ext_acl_type ttl=100
>>>> negative_ttl=100 cache=0 children=2 concurrency=20 %EXT_TAG %EXT_LOG
>>>> /usr/share/bin/ext_acl_payload_check -c 20
>>>> --key=response_size_restriction
>>>>
>>>> 2. Create a number of acl's using this type in squid.conf, for example,
>>>> then applying it to reply_body_max_size
>>>>
>>>> acl response_size_13_acl external response_size_check_ext_acl_type 13
>>>> http_reply_access allow response_size_13_acl !all
>>>> reply_body_max_size 13 MB response_size_13_acl !all
>>>
>>>
>>> The purpose of the "!all" is to prevent the response_size_13_acl match
>>> doing an allow. "!all" will always be a false/no-match.
>>>
>>> So... using it on reply_body_max_size has the same effect of making sure
>>> that line is never used.
>>>
>>> What you need is this:
>>>
>>>    http_reply_access allow response_size_13_acl !all
>>>    reply_body_max_size 13 MB response_size_13_acl
>>>
>>> Amos
>>
>>
>>
>>
>> --
>> Robert Gowty
>> CTO
>>
>> Getbusi
>> 1 College Road
>> Sandy Bay, TAS, 7005.
>>
>> Phone: (03) 6226 6268
>> www.getbusi.com
>
>

--
Robert Gowty
CTO
Getbusi
1 College Road
Sandy Bay, TAS, 7005.
Phone: (03) 6226 6268
www.getbusi.com