Search squid archive

reply_body_max_size && external_acl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am having problems getting an external acl to work with reply_body_max_size
The steps I have taken are as follows:
1. Define the external_acl_type response_size_check_ext_acl_type

# response_size_check_{pk}_acl pk
external_acl_type response_size_check_ext_acl_type ttl=100 negative_ttl=100 cache=0 children=2 concurrency=20 %EXT_TAG %EXT_LOG /usr/share/bin/ext_acl_payload_check -c 20 --key=response_size_restriction

2. Create a number of acl's using this type in squid.conf, for example, then applying it to reply_body_max_size

acl response_size_13_acl external response_size_check_ext_acl_type 13
http_reply_access allow response_size_13_acl !all
reply_body_max_size 13 MB response_size_13_acl !all

The '13' argument is to tell the external acl what the size restriction is going to be
the next line tests the acl, caching the result as external acl's are 'slow'
the final line, I am expecting to get the cached result and limit max_size to 13MB if 'response_size_13_acl' returns OK.

This is the log from the external acl, which suggests the acl is called and it returns OK

2012-06-08 14:23:18,785 advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check [24441:177142764] INFO: KEY IS response_size_restriction
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check [24441:177142764] INFO: addval ['13']
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check [24441:177142764] INFO: VALUES - [13]
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check [24441:177142764] INFO: Begining value checking loop
2012-06-08 14:23:18,786 advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check [24441:177142764] INFO: Other Value type found - ie int
2012-06-08 14:23:18,787 advance.utils.management.base@base [24441:177142764] INFO: ext_acl_payload_check Response: '0 OK'

I have tried other 'slow' acl's using this method and it appears to work fine, for example

#TEST USER ACL
acl test_user proxy_auth "/usr/blocked/users_1.txt"
#testing fast/slow performance against cache for reply_body_max_size
http_reply_access allow test_user !all
reply_body_max_size 1 MB test_user

Any thoughts would be most welcome
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux