[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to limit File Upload using Squid Proxy

Posted on 2008-06-21
7
Medium Priority
?
6,927 Views
Last Modified: 2013-12-16
Hi,

I have a LAN with Squid Proxy as the Proxy Server.  My requirement is I want to block all the users with the file upload limit (say in webmails, they should not attach the files more than the allowed limit) and allow only specific users to have unlimited file upload.

Can any body give me a solution for this...

I am using Squid 2.6 STABLE 6 with Fedora Core 6

Thanks & Regards

Muthuvelu.T.J
0
Comment
Question by:muthuvelutj
  • 4
  • 2
7 Comments
 
LVL 14

Accepted Solution

by:
agriesser earned 2000 total points
ID: 21837078
Out of squid.conf:

#  TAG: request_body_max_size   (KB)
#       This specifies the maximum size for an HTTP request body.
#       In other words, the maximum size of a PUT/POST request.
#       A user who attempts to send a request with a body larger
#       than this limit receives an "Invalid Request" error message.
#       If you set this parameter to a zero (the default), there will
#       be no limit imposed.
#
#Default:
# request_body_max_size 0 KB

This will limit file uploads for _ALL_ users going over this proxy as this currently can't be ACL driven.

I played a bit and found a solution that should work (at least in my limited testing, it worked):

You need to add the following lines to your squid.conf:

---------------------
external_acl_type request_body %{Content-Length} /var/tmp/request.sh
acl request_max_1 external request_body 1000000
acl request_max_3 external request_body 3000000
---------------------

/var/tmp/request.sh is the external helper program needed (see code snippet below) and may be placed at any location you want (probably /usr/lib/squid/, this is (on my system) the directory where all the other helper apps reside).

1000000 would mean 1MB is allowed and 300000 would mean 3MB are allowed (change according to your needs)

Now you need to apply access rules based on this acls in your squid.conf, f.e.x:

---------------------
acl powerusers src 192.168.1.0/24
acl students src 192.168.2.0/24

http_access allow powerusers request_max_3
http_access allow students request_max_1
----------------------


I hope this works for you, it does for me.
#!/bin/sh
 
while read size limit; do
  if [ "${size}" -gt "${limit}" ]; then
    echo ERR
  else
    echo OK
  fi
done

Open in new window

0
 

Author Comment

by:muthuvelutj
ID: 21837313
Hi,

Thanks for the response.

I actully tried the above said.. i read about the scripsts by Henrick... But i have not tested as you said.. let me try and post the results in another 2 hours...

Thanks & Regards

Muthuvelu.T.J
0
 
LVL 7

Expert Comment

by:dineesh
ID: 21837347
request_body_max_size - limit upload
reply_body_max_size - limit download
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:muthuvelutj
ID: 21837578
Hi Dineesh,

I know about the above said. but when you answer, you can be bit more elaborate just giving clues alone will not solve the purpose.

Moreover the above said directives are global directives and using it in ACL would be a tough task....or I am not sure how this global directives can be used in ACL's

agriesser gave me almost a right solution... I am in the phase of testing the same. Let me know post the results asap.
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21837635
You can't use request_body_max_size in ACLs and that's exactly the problem.
What I know from the squid ML is that there were several discussions in it making this feature available for ACLs, but noone by now implemented it, so it's not part of the current stable release and AFAIK, it's also not in trunk.

0
 

Author Comment

by:muthuvelutj
ID: 21839837
Hi agriesser,

Thanks for the Tip. My initial testing shows a success full sign. I just tweaked to suit to my environment and It works...

I am going to make it live tomorrow. Let me post again the results....

Thanks a lot.

0
 

Author Closing Comment

by:muthuvelutj
ID: 31469393
Thanks agriesser. It Works. Yet to make it live. Let me post the results once we go on live
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month17 days, 18 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question