-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 He answered you. Just re-read answer. This is not possible absolutely in all cases. World is changed. Too sad. 21.03.15 5:12, snakeeyes пишет: > I did try with google.com and yahoo.com > > It seems not blocking images there > > Can u help with that plz ? > > -----Original Message----- From: snakeeyes > [mailto:ahmed.zaeem@xxxxxxxxxxxx] Sent: Friday, March 20, 2015 4:06 > PM To: 'Amos Jeffries' Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: RE: i want to block images with size more > than 40 KB > > Hi amos , thanks for reply I have tried @ top of squidf.conf > > acl images rep_header Content-Type ^image/ ^x-image/ acl small > rep_header Content-Length ^[1234]?[0-9]$ http_reply_access deny > small images > > are you sure that its blocking images with size >40KB ???? also I > didn’t see extensions like jpg or bmp or similar like that ??!! > > I have used many several sites , its being all allowed Can you > advise ? > > > > > regards > > -----Original Message----- From: squid-users > [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of > Amos Jeffries Sent: Wednesday, March 18, 2015 9:41 PM To: > squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: i want > to block images with size more than 40 KB > > On 19/03/2015 1:35 p.m., snakeeyes wrote: >> Thank you so much Amos and leonardo Can you provide me any >> sample config to start with ? I feel it so difficult to me . I >> had a look @ ""ACL elements"" section in thw wiki about matching >> size of image but didn’t find clear thing. So again I feel that I >> will create access list that match size > than 50 Byte and with >> mime type like jpg or bmp and then deny it. >> >> Could you help me with startup config plz ? > > You mean hand over a cut-n-paste example that you can use and when > things go wrong not understand how to fix? > > Sure: acl images rep_header Content-Type ^image/ ^x-image/ acl > small rep_header Content-Length ^[1234]?[0-9]$ http_reply_access > deny small images > > > BUT like Leonardo said, censoring the Internet not as easy as all > that. > > * Images come in *many* data formats (Content-Type values), some of > which are shared with other non-image things - like octet-stream > which literally means "unknown binary data". They can come embedded > inside other objects, JSON, CSS, archive files (like zip / gzip / > xz / ar / cab) ... even plain old HTML can have base64 blobs of > image data in them which gets decoded by a script... and so on. > > For every point of censorship there is a bypass. > > * The Content-Length is also not guaranteed to be existing. The > object may be of undefined length streamed in small chunks or as a > blob with no size known until the end of the transaction. > > > What it comes down to is that you need to know exactly what you are > looking for in the protocol, and use the appropriate ACL types to > match with. Which in turn requires knowing what ACLs you have > available and how to use them to construct *_access rules matching > your needs. > > > When you do have to make abnormal things happen be as precise and > specific as you can. Every bit of fuzz/approximation *will* cause > trouble at some point during production traffic. > > > So, why are you doing this? > > Amos > > _______________________________________________ squid-users mailing > list squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ squid-users mailing > list squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVDDBXAAoJENNXIZxhPexGeJYIAJdUgDYAW8YS7AQSCcJ9XT/S Ln65rhi5xYgxlJFUdRhlySiqfqueJpbfwm++QkVUXx/tsa7tCMTDpB882nPydtl+ 0BkDseYHjwu+kVbBweXAJXvRoo74zNjXmAVv4Ib4o92Pnz8WAElxB8zJpB/zw4LH ZQaw3e0e82OGCDcsrd/yYsWR5nDYP00KQQcKglf4gaajJP2Gy6GaNOORcbdsBiOR Ypzcw/0mEpVIVYtvz3F5y46gsa5I0ocacwo+6S8UYiMEejOqMH/t/yFCsG5t1G/1 8Q3Vvr/77KR2K7MJkliFnjbEguItFPu2m8bnNIr0am08g5SnBmjqvgrGiHhHDdA= =1Ocj -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
