• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7147
  • Last Modified:

How to limit File Upload using Squid Proxy

Hi,

I have a LAN with Squid Proxy as the Proxy Server.  My requirement is I want to block all the users with the file upload limit (say in webmails, they should not attach the files more than the allowed limit) and allow only specific users to have unlimited file upload.

Can any body give me a solution for this...

I am using Squid 2.6 STABLE 6 with Fedora Core 6

Thanks & Regards

Muthuvelu.T.J
0
muthuvelutj
Asked:
muthuvelutj
  • 4
  • 2
1 Solution
 
agriesserCommented:
Out of squid.conf:

#  TAG: request_body_max_size   (KB)
#       This specifies the maximum size for an HTTP request body.
#       In other words, the maximum size of a PUT/POST request.
#       A user who attempts to send a request with a body larger
#       than this limit receives an "Invalid Request" error message.
#       If you set this parameter to a zero (the default), there will
#       be no limit imposed.
#
#Default:
# request_body_max_size 0 KB

This will limit file uploads for _ALL_ users going over this proxy as this currently can't be ACL driven.

I played a bit and found a solution that should work (at least in my limited testing, it worked):

You need to add the following lines to your squid.conf:

---------------------
external_acl_type request_body %{Content-Length} /var/tmp/request.sh
acl request_max_1 external request_body 1000000
acl request_max_3 external request_body 3000000
---------------------

/var/tmp/request.sh is the external helper program needed (see code snippet below) and may be placed at any location you want (probably /usr/lib/squid/, this is (on my system) the directory where all the other helper apps reside).

1000000 would mean 1MB is allowed and 300000 would mean 3MB are allowed (change according to your needs)

Now you need to apply access rules based on this acls in your squid.conf, f.e.x:

---------------------
acl powerusers src 192.168.1.0/24
acl students src 192.168.2.0/24

http_access allow powerusers request_max_3
http_access allow students request_max_1
----------------------


I hope this works for you, it does for me.
#!/bin/sh
 
while read size limit; do
  if [ "${size}" -gt "${limit}" ]; then
    echo ERR
  else
    echo OK
  fi
done

Open in new window

0
 
muthuvelutjAuthor Commented:
Hi,

Thanks for the response.

I actully tried the above said.. i read about the scripsts by Henrick... But i have not tested as you said.. let me try and post the results in another 2 hours...

Thanks & Regards

Muthuvelu.T.J
0
 
dineeshCommented:
request_body_max_size - limit upload
reply_body_max_size - limit download
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
muthuvelutjAuthor Commented:
Hi Dineesh,

I know about the above said. but when you answer, you can be bit more elaborate just giving clues alone will not solve the purpose.

Moreover the above said directives are global directives and using it in ACL would be a tough task....or I am not sure how this global directives can be used in ACL's

agriesser gave me almost a right solution... I am in the phase of testing the same. Let me know post the results asap.
0
 
agriesserCommented:
You can't use request_body_max_size in ACLs and that's exactly the problem.
What I know from the squid ML is that there were several discussions in it making this feature available for ACLs, but noone by now implemented it, so it's not part of the current stable release and AFAIK, it's also not in trunk.

0
 
muthuvelutjAuthor Commented:
Hi agriesser,

Thanks for the Tip. My initial testing shows a success full sign. I just tweaked to suit to my environment and It works...

I am going to make it live tomorrow. Let me post again the results....

Thanks a lot.

0
 
muthuvelutjAuthor Commented:
Thanks agriesser. It Works. Yet to make it live. Let me post the results once we go on live
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now