Squid proxy (1): how to restrict the files above 2MB -- please help me

b:z · 04-01-2005, 01:50 AM

my localnetwork connect Internet through Linux gateway, all traffic transferd to port 8080 of Squid proxy. Client in localnetwork can access Internet to get file or tool for their work. However having some trouble is users get files or software very big : over 10MB.
How can i restrict file above 2MB, it's mean Squid proxy only allow the files below 2MB.

If we can control Squid solve my problem, please show me the way to do, or else please give me the best solution for this. Thank you very much.

overlord73 · 04-01-2005, 02:10 AM

squid has a parameter to control the maxfilesize to CACHE, think what you are looking for (to block ACCESS) should be solved by an ACL

b:z · 04-01-2005, 02:36 AM

Thanks for your reply, however i can't understand clear about your idea.
Example i want to deny all of the files above 2MB. How can i do it with ACL or what.
Please tell me about specific.
Thank you very much.

b:z · 04-01-2005, 04:27 AM

Everybody, please help me.
I also refer SQUID document on squid-cache.org.

linuxxed · 04-01-2005, 07:32 AM

Look at reply_body_max_size

http://euler.aero.iitb.ac.in/docs/we...4s1/tuning.htm

b:z · 04-01-2005, 08:52 AM

Quote:

Tag Name
reply_body_max_size

Usage
reply_body_max_size (KB)

Description

This option specifies the maximum size of a reply body. It can be used to prevent users from downloading very large files, such as MP3's and movies. The reply size is checked twice. First when we get the reply headers, we check the content-length value. If the content length value exists and is larger than this parameter, the request is denied and the user receives an error message that says "the request or reply is too large." If there is no content-length, and the reply size exceeds this limit, the client's connection is just closed and they will receive a partial reply.

Default
If this parameter is set to zero (the default), there will be no limit imposed.
reply_body_max_size 0

Example
-

Caution
Downstream caches probably cannot detect a partial reply if there is no content-length header, so they will cache partial responses and give them out as hits. You should NOT use this option if you have downstream caches

Thanks for your help, however the problem is:
++ Can determine who restricted, who is none restricted?

How can i solve the problem here? Please help me, or else please give me another solution to do it.
Thank you very much.

linuxxed · 04-01-2005, 10:43 AM

Explain clearly what you wish to achieve?

b:z · 04-03-2005, 10:48 PM

Quote:

Explain clearly what you wish to achieve?

The clients in my localnetwork usually download big files or big software. This matter can be solved by deny file type (ex: .exe, .zip, .rar, .rpm,..), however some software and files rather small and they will be served client's working purpose. The same point is under 2MB. So, i want to restrict files over 2MB request from clients.
How can i do it? I have also used "reply_body_max_size", however it can not work right, even i surf web, everything is denied.
Please help me solve the problem.

ashokncse · 04-22-2010, 02:41 AM

reply_body_max_size not working for https sites
can anybody help me?