On 2/25/21 8:44 PM, Raj Nagar wrote: > Is there any way by which I can enforce these > limits on other protocols as https? If you want to enforce HTTP request size limits for HTTPS transactions, then you have to bump TLS connections (to see HTTP inside TLS). If you want to enforce connection limits for TLS (and other non-HTTP) connections, then you can either enhance Squid or perhaps use some TCP-level software that can track individual TCP connection usage. Since this option deals with TCP connections, it cannot limit individual HTTP uploads, only the total amount of bytes sent by the client. One TLS/TCP connection could carry one (encrypted) request or thousands of (encrypted) requests or even non HTTP traffic -- Squid cannot tell without bumping that TLS connection. Both options have ugly drawbacks. There is no good solution for what you want to do (if you do not control the browser). Alex. > On Thu, Feb 25, 2021, 23:33 Alex Rousskov wrote: > > On 2/24/21 11:51 PM, Raj Nagar wrote: > > > I am using squid as forward proxy and want to restrict upload of files > > larger than 1 MB. I have used following configuration for > > same: *request_body_max_size 1 MB*. > > But this is not working for me and I am able to upload larger files. > > Can someone please help for same. Thanks in advance > > Does your Squid have access to the HTTP request information? For > example, if it is an HTTPS request, and you are not bumping the > corresponding TLS connection, then Squid would not be working at HTTP > level and, hence, would not be able to limit individual HTTP request > sizes. > > The corresponding access.log record may tell us more about the > problematic transaction. > > > HTH, > > Alex. > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
