How to limit File Upload using Squid Proxy

Posted on 2008-06-21
Medium Priority
Last Modified: 2013-12-16

I have a LAN with Squid Proxy as the Proxy Server.  My requirement is I want to block all the users with the file upload limit (say in webmails, they should not attach the files more than the allowed limit) and allow only specific users to have unlimited file upload.

Can any body give me a solution for this...

I am using Squid 2.6 STABLE 6 with Fedora Core 6

Thanks & Regards

Question by:muthuvelutj
  • 4
  • 2
LVL 14

Accepted Solution

agriesser earned 2000 total points
ID: 21837078
Out of squid.conf:

#  TAG: request_body_max_size   (KB)
#       This specifies the maximum size for an HTTP request body.
#       In other words, the maximum size of a PUT/POST request.
#       A user who attempts to send a request with a body larger
#       than this limit receives an "Invalid Request" error message.
#       If you set this parameter to a zero (the default), there will
#       be no limit imposed.
# request_body_max_size 0 KB

This will limit file uploads for _ALL_ users going over this proxy as this currently can't be ACL driven.

I played a bit and found a solution that should work (at least in my limited testing, it worked):

You need to add the following lines to your squid.conf:

external_acl_type request_body %{Content-Length} /var/tmp/request.sh
acl request_max_1 external request_body 1000000
acl request_max_3 external request_body 3000000

/var/tmp/request.sh is the external helper program needed (see code snippet below) and may be placed at any location you want (probably /usr/lib/squid/, this is (on my system) the directory where all the other helper apps reside).

1000000 would mean 1MB is allowed and 300000 would mean 3MB are allowed (change according to your needs)

Now you need to apply access rules based on this acls in your squid.conf, f.e.x:

acl powerusers src
acl students src

http_access allow powerusers request_max_3
http_access allow students request_max_1

I hope this works for you, it does for me.
while read size limit; do
  if [ "${size}" -gt "${limit}" ]; then
    echo ERR
    echo OK

Open in new window


Author Comment

ID: 21837313

Thanks for the response.

I actully tried the above said.. i read about the scripsts by Henrick... But i have not tested as you said.. let me try and post the results in another 2 hours...

Thanks & Regards


Expert Comment

ID: 21837347
request_body_max_size - limit upload
reply_body_max_size - limit download
A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.


Author Comment

ID: 21837578
Hi Dineesh,

I know about the above said. but when you answer, you can be bit more elaborate just giving clues alone will not solve the purpose.

Moreover the above said directives are global directives and using it in ACL would be a tough task....or I am not sure how this global directives can be used in ACL's

agriesser gave me almost a right solution... I am in the phase of testing the same. Let me know post the results asap.
LVL 14

Expert Comment

ID: 21837635
You can't use request_body_max_size in ACLs and that's exactly the problem.
What I know from the squid ML is that there were several discussions in it making this feature available for ACLs, but noone by now implemented it, so it's not part of the current stable release and AFAIK, it's also not in trunk.


Author Comment

ID: 21839837
Hi agriesser,

Thanks for the Tip. My initial testing shows a success full sign. I just tweaked to suit to my environment and It works...

I am going to make it live tomorrow. Let me post again the results....

Thanks a lot.


Author Closing Comment

ID: 31469393
Thanks agriesser. It Works. Yet to make it live. Let me post the results once we go on live

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question