HI, thanks for the quick response, i have a line like the one you mentioned above my replay_body.. line, however further above that line i have the following line aswell "hhtp_reply_access deny differentacl" could this be causing a confliction error or something like that, if not then i have the lines you suggested in place and still dont get a restriction working Thanks Cam ps.i hope im replaying to this the correct way On Wed, May 30, 2012 at 5:07 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 30/05/2012 6:05 p.m., Cameron Charles wrote: >> >> Hi, >> >> I am trying to use an external acl to "toggle" a reply_body_max_size, >> so im my conf i have the following >> >> reply_body_max_size 1 MB extaclname >> >> and extaclname is setup to run a check on some data and return its >> findings with an OK or ERR, the ext acl works correctly as its used >> elsewhere in squids workings but i cannot get it restrict the reply >> size when it should be, in fact it appears never to "run" the acl as >> some debug message in the external check are never fired >> >> I have found this very old posting >> http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg59937.html >> which mentions " you may be able to get this to work then by adding >> the ACL test to an http_reply_access line as well." but im not sure >> how to implement this in anyway that would affect the line i have >> above > > > http_reply_access is tested on first receiving the reply. You run the ACL > test there and its result gets cached for use by the reply_body_max_size > test later. > > http_reply_access allow extaclname !all > > note the "!all" that is important to make it have no effect on actual reply > access. Place this at the top of the http_reply_access list set if you have > any others doing allow/deny. > > Amos
