Problem with upload size limit in squid

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with upload size limit in squid

Raj Nagar
Hi,

I am using squid as forward proxy and want to restrict upload of files larger than 1 MB. I have used following configuration for same: request_body_max_size 1 MB.
But this is not working for me and I am able to upload larger files.
Can someone please help for same. Thanks in advance

--
Regards,
Raj Nagar

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with upload size limit in squid

Alex Rousskov
On 2/24/21 11:51 PM, Raj Nagar wrote:

> I am using squid as forward proxy and want to restrict upload of files
> larger than 1 MB. I have used following configuration for
> same: *request_body_max_size 1 MB*.
> But this is not working for me and I am able to upload larger files.
> Can someone please help for same. Thanks in advance

Does your Squid have access to the HTTP request information? For
example, if it is an HTTPS request, and you are not bumping the
corresponding TLS connection, then Squid would not be working at HTTP
level and, hence, would not be able to limit individual HTTP request sizes.

The corresponding access.log record may tell us more about the
problematic transaction.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with upload size limit in squid

Raj Nagar
Hi Alex,

Thanks for your response. Is there any way by which I can enforce these limits on other protocols as https ?

On Thu, Feb 25, 2021, 23:33 Alex Rousskov <[hidden email]> wrote:
On 2/24/21 11:51 PM, Raj Nagar wrote:

> I am using squid as forward proxy and want to restrict upload of files
> larger than 1 MB. I have used following configuration for
> same: *request_body_max_size 1 MB*.
> But this is not working for me and I am able to upload larger files.
> Can someone please help for same. Thanks in advance

Does your Squid have access to the HTTP request information? For
example, if it is an HTTPS request, and you are not bumping the
corresponding TLS connection, then Squid would not be working at HTTP
level and, hence, would not be able to limit individual HTTP request sizes.

The corresponding access.log record may tell us more about the
problematic transaction.


HTH,

Alex.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with upload size limit in squid

Alex Rousskov
On 2/25/21 8:44 PM, Raj Nagar wrote:

> Is there any way by which I can enforce these
> limits on other protocols as https?

If you want to enforce HTTP request size limits for HTTPS transactions,
then you have to bump TLS connections (to see HTTP inside TLS).

If you want to enforce connection limits for TLS (and other non-HTTP)
connections, then you can either enhance Squid or perhaps use some
TCP-level software that can track individual TCP connection usage. Since
this option deals with TCP connections, it cannot limit individual HTTP
uploads, only the total amount of bytes sent by the client. One TLS/TCP
connection could carry one (encrypted) request or thousands of
(encrypted) requests or even non HTTP traffic -- Squid cannot tell
without bumping that TLS connection.

Both options have ugly drawbacks. There is no good solution for what you
want to do (if you do not control the browser).

Alex.


> On Thu, Feb 25, 2021, 23:33 Alex Rousskov wrote:
>
>     On 2/24/21 11:51 PM, Raj Nagar wrote:
>
>     > I am using squid as forward proxy and want to restrict upload of files
>     > larger than 1 MB. I have used following configuration for
>     > same: *request_body_max_size 1 MB*.
>     > But this is not working for me and I am able to upload larger files.
>     > Can someone please help for same. Thanks in advance
>
>     Does your Squid have access to the HTTP request information? For
>     example, if it is an HTTPS request, and you are not bumping the
>     corresponding TLS connection, then Squid would not be working at HTTP
>     level and, hence, would not be able to limit individual HTTP request
>     sizes.
>
>     The corresponding access.log record may tell us more about the
>     problematic transaction.
>
>
>     HTH,
>
>     Alex.
>

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users