reply_header to block downloads

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

reply_header to block downloads

robert k Wild

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_header to block downloads

Amos Jeffries
Administrator
On 19/11/20 9:20 am, robert k Wild wrote:
> hi all,
>
> can i use the acl "reply_header_access" to block downloads, like i have
> done with the " rep_mime_type " or is this not what its meant for
>

That directive stops matching responses being delivered to clients (they
get an error page instead).

Note that the full response is still received by the proxy. So it is
mostly useful for security depending on response details, rather than a
bandwidth saving measure.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_header to block downloads

Alex Rousskov
In reply to this post by robert k Wild
On 11/18/20 3:20 PM, robert k Wild wrote:

> can i use the acl "reply_header_access" to block downloads, like i have
> done with the " rep_mime_type " or is this not what its meant for

Roughly speaking, ACL is a boolean function -- something that gives
Squid a yes/no answer to an ACL-specific question. A typical ACL can be
used in many contexts, for many purposes. By itself, an ACL does not
block or allow anything. Unfortunately, folks sometimes misuse the term
"ACL" to mean "an ACL-driven directive".

* rep_mime_type is an ACL. The question this particular ACL answers is
"Does the response have the specified Content-Type header field value?"

* reply_header_access is not an ACL. It is an ACL-driven directive (i.e.
a directive that accepts ACLs as configuration parameters). This
particular directive does not block any responses. Instead, it prevents
individual response header fields from being delivered by Squid to HTTP
clients. It does not affect responses received by Squid -- beyond
sending bytes to clients, Squid does not see the effects of this
directive when processing the response. For example, Squid code
responsible for storing responses in the cache is executed before this
directive is applied.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users