On 12/06/2012 4:15 p.m., Robert Gowty wrote:
Hi Amos, I have been trying the reply_body_max_size without the !all as you
suggest, however I get the same outcome - download sizes aren't being
restricted. We have used this schema with other directives such as
delay_pools with out any problems so we are fairly sure the external
acl's are doing everything they should be doing. As I mentioned
reply_body_max_size works as expected with other types of acl's such
as the proxy_auth example, is does seem the reply_body_max_size and
external acl's have a problem working together....any thoughts?
I just clicked .... the extern ACL parameter " cache=0 " means you are
not storing the external ACL results for later use by other access tests.
There is no way reply_body_max_size can re-run the helper lookup, so no
match. Remove that parameter and your TTL values will start to work.
Amos
cheers
Rob
On 8 June 2012 17:41, Amos Jeffries wrote:
On 8/06/2012 4:50 p.m., Robert Gowty wrote:
I am having problems getting an external acl to work with
reply_body_max_size
The steps I have taken are as follows:
1. Define the external_acl_type response_size_check_ext_acl_type
# response_size_check_{pk}_acl pk
external_acl_type response_size_check_ext_acl_type ttl=100
negative_ttl=100 cache=0 children=2 concurrency=20 %EXT_TAG %EXT_LOG
/usr/share/bin/ext_acl_payload_check -c 20 --key=response_size_restriction
2. Create a number of acl's using this type in squid.conf, for example,
then applying it to reply_body_max_size
acl response_size_13_acl external response_size_check_ext_acl_type 13
http_reply_access allow response_size_13_acl !all
reply_body_max_size 13 MB response_size_13_acl !all
The purpose of the "!all" is to prevent the response_size_13_acl match
doing an allow. "!all" will always be a false/no-match.
So... using it on reply_body_max_size has the same effect of making sure
that line is never used.
What you need is this:
http_reply_access allow response_size_13_acl !all
reply_body_max_size 13 MB response_size_13_acl
Amos
--
Robert Gowty
CTO
Getbusi
1 College Road
Sandy Bay, TAS, 7005.
Phone: (03) 6226 6268
www.getbusi.com