reply_body_max_size not always enforced

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

reply_body_max_size not always enforced

Eduard Weissmann
Hi,

I've configured Squid to block large resources:

reply_body_max_size 50 MB all

Blocking works for some urls, (HTTP/1.1):

But it does not work for others (HTTP/2):

I'm wondering: why is the second URL not blocked? Is it because the response is HTTP/2?

I've read in the docs about how the response size is checked twice and how that all works, but in the case of both URLs the response has a content-length header defined.

Using curl for tests:

Thank you

Best regards,



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_body_max_size not always enforced

Matus UHLAR - fantomas
On 01.11.19 09:22, Eduard Weissmann wrote:

>I've configured Squid to block large resources:
>
>reply_body_max_size 50 MB all
>
>Blocking works for some urls, (HTTP/1.1):
>http://download.thinkbroadband.com/1GB.zip
>
>But it does not work for others (HTTP/2):
>https://upload.wikimedia.org/wikipedia/commons/0/0b/Sandro_Botticelli_-_La_nascita_di_Venere_-_Google_Art_Project_-_edited.jpg
>
>I'm wondering: why is the second URL not blocked? Is it because the
>response is HTTP/2?

I assume it's not blocked because it's https, thus ('s' meas secure)
encrypted and squid only sees TCP tunnel made through it, not any requests
and responses, so it can't block either.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_body_max_size not always enforced

Eduard Weissmann
Oh.. of course! That was so silly of me.
Thank you.

On Fri, Nov 1, 2019 at 12:22 PM Matus UHLAR - fantomas <[hidden email]> wrote:
On 01.11.19 09:22, Eduard Weissmann wrote:
>I've configured Squid to block large resources:
>
>reply_body_max_size 50 MB all
>
>Blocking works for some urls, (HTTP/1.1):
>http://download.thinkbroadband.com/1GB.zip
>
>But it does not work for others (HTTP/2):
>https://upload.wikimedia.org/wikipedia/commons/0/0b/Sandro_Botticelli_-_La_nascita_di_Venere_-_Google_Art_Project_-_edited.jpg
>
>I'm wondering: why is the second URL not blocked? Is it because the
>response is HTTP/2?

I assume it's not blocked because it's https, thus ('s' meas secure)
encrypted and squid only sees TCP tunnel made through it, not any requests
and responses, so it can't block either.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users