Hi, I am using squid as forward proxy and want to restrict upload of files larger than 1 MB. I have used following configuration for same: request_body_max_size 1 MB. But this is not working for me and I am able to upload larger files. Can someone please help for same. Thanks in advance Regards, Raj Nagar _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
On 2/24/21 11:51 PM, Raj Nagar wrote:
> I am using squid as forward proxy and want to restrict upload of files > larger than 1 MB. I have used following configuration for > same: *request_body_max_size 1 MB*. > But this is not working for me and I am able to upload larger files. > Can someone please help for same. Thanks in advance Does your Squid have access to the HTTP request information? For example, if it is an HTTPS request, and you are not bumping the corresponding TLS connection, then Squid would not be working at HTTP level and, hence, would not be able to limit individual HTTP request sizes. The corresponding access.log record may tell us more about the problematic transaction. HTH, Alex. _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
Hi Alex, Thanks for your response. Is there any way by which I can enforce these limits on other protocols as https ? On Thu, Feb 25, 2021, 23:33 Alex Rousskov <[hidden email]> wrote: On 2/24/21 11:51 PM, Raj Nagar wrote: _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
On 2/25/21 8:44 PM, Raj Nagar wrote:
> Is there any way by which I can enforce these > limits on other protocols as https? If you want to enforce HTTP request size limits for HTTPS transactions, then you have to bump TLS connections (to see HTTP inside TLS). If you want to enforce connection limits for TLS (and other non-HTTP) connections, then you can either enhance Squid or perhaps use some TCP-level software that can track individual TCP connection usage. Since this option deals with TCP connections, it cannot limit individual HTTP uploads, only the total amount of bytes sent by the client. One TLS/TCP connection could carry one (encrypted) request or thousands of (encrypted) requests or even non HTTP traffic -- Squid cannot tell without bumping that TLS connection. Both options have ugly drawbacks. There is no good solution for what you want to do (if you do not control the browser). Alex. > On Thu, Feb 25, 2021, 23:33 Alex Rousskov wrote: > > On 2/24/21 11:51 PM, Raj Nagar wrote: > > > I am using squid as forward proxy and want to restrict upload of files > > larger than 1 MB. I have used following configuration for > > same: *request_body_max_size 1 MB*. > > But this is not working for me and I am able to upload larger files. > > Can someone please help for same. Thanks in advance > > Does your Squid have access to the HTTP request information? For > example, if it is an HTTPS request, and you are not bumping the > corresponding TLS connection, then Squid would not be working at HTTP > level and, hence, would not be able to limit individual HTTP request > sizes. > > The corresponding access.log record may tell us more about the > problematic transaction. > > > HTH, > > Alex. > _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
Free forum by Nabble | Edit this page |