Solved

How to limit File Upload using Squid Proxy

Posted on 2008-06-21
7
6,209 Views
Last Modified: 2013-12-16
Hi,

I have a LAN with Squid Proxy as the Proxy Server.  My requirement is I want to block all the users with the file upload limit (say in webmails, they should not attach the files more than the allowed limit) and allow only specific users to have unlimited file upload.

Can any body give me a solution for this...

I am using Squid 2.6 STABLE 6 with Fedora Core 6

Thanks & Regards

Muthuvelu.T.J
0
Comment
Question by:muthuvelutj
  • 4
  • 2
7 Comments
 
LVL 14

Accepted Solution

by:
agriesser earned 500 total points
ID: 21837078
Out of squid.conf:

#  TAG: request_body_max_size   (KB)
#       This specifies the maximum size for an HTTP request body.
#       In other words, the maximum size of a PUT/POST request.
#       A user who attempts to send a request with a body larger
#       than this limit receives an "Invalid Request" error message.
#       If you set this parameter to a zero (the default), there will
#       be no limit imposed.
#
#Default:
# request_body_max_size 0 KB

This will limit file uploads for _ALL_ users going over this proxy as this currently can't be ACL driven.

I played a bit and found a solution that should work (at least in my limited testing, it worked):

You need to add the following lines to your squid.conf:

---------------------
external_acl_type request_body %{Content-Length} /var/tmp/request.sh
acl request_max_1 external request_body 1000000
acl request_max_3 external request_body 3000000
---------------------

/var/tmp/request.sh is the external helper program needed (see code snippet below) and may be placed at any location you want (probably /usr/lib/squid/, this is (on my system) the directory where all the other helper apps reside).

1000000 would mean 1MB is allowed and 300000 would mean 3MB are allowed (change according to your needs)

Now you need to apply access rules based on this acls in your squid.conf, f.e.x:

---------------------
acl powerusers src 192.168.1.0/24
acl students src 192.168.2.0/24

http_access allow powerusers request_max_3
http_access allow students request_max_1
----------------------


I hope this works for you, it does for me.
#!/bin/sh
 

while read size limit; do

  if [ "${size}" -gt "${limit}" ]; then

    echo ERR

  else

    echo OK

  fi

done

Open in new window

0
 

Author Comment

by:muthuvelutj
ID: 21837313
Hi,

Thanks for the response.

I actully tried the above said.. i read about the scripsts by Henrick... But i have not tested as you said.. let me try and post the results in another 2 hours...

Thanks & Regards

Muthuvelu.T.J
0
 
LVL 7

Expert Comment

by:dineesh
ID: 21837347
request_body_max_size - limit upload
reply_body_max_size - limit download
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:muthuvelutj
ID: 21837578
Hi Dineesh,

I know about the above said. but when you answer, you can be bit more elaborate just giving clues alone will not solve the purpose.

Moreover the above said directives are global directives and using it in ACL would be a tough task....or I am not sure how this global directives can be used in ACL's

agriesser gave me almost a right solution... I am in the phase of testing the same. Let me know post the results asap.
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21837635
You can't use request_body_max_size in ACLs and that's exactly the problem.
What I know from the squid ML is that there were several discussions in it making this feature available for ACLs, but noone by now implemented it, so it's not part of the current stable release and AFAIK, it's also not in trunk.

0
 

Author Comment

by:muthuvelutj
ID: 21839837
Hi agriesser,

Thanks for the Tip. My initial testing shows a success full sign. I just tweaked to suit to my environment and It works...

I am going to make it live tomorrow. Let me post again the results....

Thanks a lot.

0
 

Author Closing Comment

by:muthuvelutj
ID: 31469393
Thanks agriesser. It Works. Yet to make it live. Let me post the results once we go on live
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now