Hi Amos,

I have been trying the reply_body_max_size without the !all as you suggest, however I get the same outcome - download sizes aren't being restricted.

We have used this schema with other directives such as delay_pools without any problems so we are fairly sure the external acl's are doing everything they should be doing.

As I mentioned reply_body_max_size works as expected with other types of acl's such as the proxy_auth example, it does seem the reply_body_max_size and external acl's have a problem working together....any thoughts?

cheers
Rob

On 8 June 2012 17:41, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>
> On 8/06/2012 4:50 p.m., Robert Gowty wrote:
>>
>> I am having problems getting an external acl to work with
>> reply_body_max_size
>> The steps I have taken are as follows:
>> 1. Define the external_acl_type response_size_check_ext_acl_type
>>
>> # response_size_check_{pk}_acl pk
>> external_acl_type response_size_check_ext_acl_type ttl=100
>> negative_ttl=100 cache=0 children=2 concurrency=20 %EXT_TAG %EXT_LOG
>> /usr/share/bin/ext_acl_payload_check -c 20 --key=response_size_restriction
>>
>> 2. Create a number of acl's using this type in squid.conf, for example,
>> then applying it to reply_body_max_size
>>
>> acl response_size_13_acl external response_size_check_ext_acl_type 13
>> http_reply_access allow response_size_13_acl !all
>> reply_body_max_size 13 MB response_size_13_acl !all
>
>
> The purpose of the "!all" is to prevent the response_size_13_acl match
> doing an allow. "!all" will always be a false/no-match.
>
> So... using it on reply_body_max_size has the same effect of making sure
> that line is never used.
>
> What you need is this:
>
> http_reply_access allow response_size_13_acl !all
> reply_body_max_size 13 MB response_size_13_acl
>
> Amos

--
Robert Gowty
CTO
Getbusi
1 College Road
Sandy Bay, TAS, 7005.
Phone: (03) 6226 6268
www.getbusi.com