Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to limit File Upload using Squid Proxy

Posted on 2008-06-21
7
6,397 Views
Last Modified: 2013-12-16
Hi,

I have a LAN with Squid Proxy as the Proxy Server.  My requirement is I want to block all the users with the file upload limit (say in webmails, they should not attach the files more than the allowed limit) and allow only specific users to have unlimited file upload.

Can any body give me a solution for this...

I am using Squid 2.6 STABLE 6 with Fedora Core 6

Thanks & Regards

Muthuvelu.T.J
0
Comment
Question by:muthuvelutj
  • 4
  • 2
7 Comments
 
LVL 14

Accepted Solution

by:
agriesser earned 500 total points
ID: 21837078
Out of squid.conf:

#  TAG: request_body_max_size   (KB)
#       This specifies the maximum size for an HTTP request body.
#       In other words, the maximum size of a PUT/POST request.
#       A user who attempts to send a request with a body larger
#       than this limit receives an "Invalid Request" error message.
#       If you set this parameter to a zero (the default), there will
#       be no limit imposed.
#
#Default:
# request_body_max_size 0 KB

This will limit file uploads for _ALL_ users going over this proxy as this currently can't be ACL driven.

I played a bit and found a solution that should work (at least in my limited testing, it worked):

You need to add the following lines to your squid.conf:

---------------------
external_acl_type request_body %{Content-Length} /var/tmp/request.sh
acl request_max_1 external request_body 1000000
acl request_max_3 external request_body 3000000
---------------------

/var/tmp/request.sh is the external helper program needed (see code snippet below) and may be placed at any location you want (probably /usr/lib/squid/, this is (on my system) the directory where all the other helper apps reside).

1000000 would mean 1MB is allowed and 300000 would mean 3MB are allowed (change according to your needs)

Now you need to apply access rules based on this acls in your squid.conf, f.e.x:

---------------------
acl powerusers src 192.168.1.0/24
acl students src 192.168.2.0/24

http_access allow powerusers request_max_3
http_access allow students request_max_1
----------------------


I hope this works for you, it does for me.
#!/bin/sh
 
while read size limit; do
  if [ "${size}" -gt "${limit}" ]; then
    echo ERR
  else
    echo OK
  fi
done

Open in new window

0
 

Author Comment

by:muthuvelutj
ID: 21837313
Hi,

Thanks for the response.

I actully tried the above said.. i read about the scripsts by Henrick... But i have not tested as you said.. let me try and post the results in another 2 hours...

Thanks & Regards

Muthuvelu.T.J
0
 
LVL 7

Expert Comment

by:dineesh
ID: 21837347
request_body_max_size - limit upload
reply_body_max_size - limit download
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:muthuvelutj
ID: 21837578
Hi Dineesh,

I know about the above said. but when you answer, you can be bit more elaborate just giving clues alone will not solve the purpose.

Moreover the above said directives are global directives and using it in ACL would be a tough task....or I am not sure how this global directives can be used in ACL's

agriesser gave me almost a right solution... I am in the phase of testing the same. Let me know post the results asap.
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21837635
You can't use request_body_max_size in ACLs and that's exactly the problem.
What I know from the squid ML is that there were several discussions in it making this feature available for ACLs, but noone by now implemented it, so it's not part of the current stable release and AFAIK, it's also not in trunk.

0
 

Author Comment

by:muthuvelutj
ID: 21839837
Hi agriesser,

Thanks for the Tip. My initial testing shows a success full sign. I just tweaked to suit to my environment and It works...

I am going to make it live tomorrow. Let me post again the results....

Thanks a lot.

0
 

Author Closing Comment

by:muthuvelutj
ID: 31469393
Thanks agriesser. It Works. Yet to make it live. Let me post the results once we go on live
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
Fine Tune your automatic Updates for Ubuntu / Debian
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question