Hi amos , thanks for reply I have tried @ top of squidf.conf acl images rep_header Content-Type ^image/ ^x-image/ acl small rep_header Content-Length ^[1234]?[0-9]$ http_reply_access deny small images are you sure that its blocking images with size >40KB ???? also I didn’t see extensions like jpg or bmp or similar like that ??!! I have used many several sites , its being all allowed Can you advise ? regards -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries Sent: Wednesday, March 18, 2015 9:41 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: i want to block images with size more than 40 KB On 19/03/2015 1:35 p.m., snakeeyes wrote: > Thank you so much Amos and leonardo > Can you provide me any sample config to start with ? > I feel it so difficult to me . > I had a look @ ""ACL elements"" section in thw wiki about matching size of image but didn’t find clear thing. > So again I feel that I will create access list that match size > than 50 Byte and with mime type like jpg or bmp and then deny it. > > Could you help me with startup config plz ? You mean hand over a cut-n-paste example that you can use and when things go wrong not understand how to fix? Sure: acl images rep_header Content-Type ^image/ ^x-image/ acl small rep_header Content-Length ^[1234]?[0-9]$ http_reply_access deny small images BUT like Leonardo said, censoring the Internet not as easy as all that. * Images come in *many* data formats (Content-Type values), some of which are shared with other non-image things - like octet-stream which literally means "unknown binary data". They can come embedded inside other objects, JSON, CSS, archive files (like zip / gzip / xz / ar / cab) ... even plain old HTML can have base64 blobs of image data in them which gets decoded by a script... and so on. For every point of censorship there is a bypass. * The Content-Length is also not guaranteed to be existing. The object may be of undefined length streamed in small chunks or as a blob with no size known until the end of the transaction. What it comes down to is that you need to know exactly what you are looking for in the protocol, and use the appropriate ACL types to match with. Which in turn requires knowing what ACLs you have available and how to use them to construct *_access rules matching your needs. When you do have to make abnormal things happen be as precise and specific as you can. Every bit of fuzz/approximation *will* cause trouble at some point during production traffic. So, why are you doing this? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users