[squid-users] i want to block images with size more than 40 KB

Yuri Voinov yvoinov at gmail.com
Fri Mar 20 14:36:08 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

He answered you. Just re-read answer.

This is not possible absolutely in all cases.

World is changed. Too sad.

21.03.15 5:12, snakeeyes пишет:
> I did try with google.com and yahoo.com
> 
> It seems not blocking images there
> 
> Can u help with that plz ?
> 
> -----Original Message----- From: snakeeyes
> [mailto:ahmed.zaeem at netstream.ps] Sent: Friday, March 20, 2015 4:06
> PM To: 'Amos Jeffries' Cc: squid-users at lists.squid-cache.org 
> Subject: RE: [squid-users] i want to block images with size more
> than 40 KB
> 
> Hi amos , thanks for reply I have tried @ top of squidf.conf
> 
> acl images rep_header Content-Type ^image/ ^x-image/ acl small
> rep_header Content-Length ^[1234]?[0-9]$ http_reply_access deny
> small images
> 
> are you sure that its blocking images with size >40KB ???? also I
> didn’t see extensions like jpg or bmp or similar like that ??!!
> 
> I have used many several sites , its being all allowed Can you
> advise ?
> 
> 
> 
> 
> regards
> 
> -----Original Message----- From: squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of
> Amos Jeffries Sent: Wednesday, March 18, 2015 9:41 PM To:
> squid-users at lists.squid-cache.org Subject: Re: [squid-users] i want
> to block images with size more than 40 KB
> 
> On 19/03/2015 1:35 p.m., snakeeyes wrote:
>> Thank you so much  Amos and leonardo Can you provide me any
>> sample config to start with ? I feel it so difficult to me . I
>> had a look @ ""ACL elements"" section in thw wiki about matching
>> size of image but didn’t find clear thing. So again I feel that I
>> will create access list that match size > than 50 Byte and with
>> mime type like jpg or bmp and then deny it.
>> 
>> Could you help me with startup config plz ?
> 
> You mean hand over a cut-n-paste example that you can use and when
> things go wrong not understand how to fix?
> 
> Sure: acl images rep_header Content-Type ^image/ ^x-image/  acl
> small rep_header Content-Length ^[1234]?[0-9]$  http_reply_access
> deny small images
> 
> 
> BUT like Leonardo said, censoring the Internet not as easy as all
> that.
> 
> * Images come in *many* data formats (Content-Type values), some of
> which are shared with other non-image things - like octet-stream
> which literally means "unknown binary data". They can come embedded
> inside other objects, JSON, CSS, archive files (like zip / gzip /
> xz / ar / cab) ... even plain old HTML can have base64 blobs of
> image data in them which gets decoded by a script... and so on.
> 
> For every point of censorship there is a bypass.
> 
> * The Content-Length is also not guaranteed to be existing. The
> object may be of undefined length streamed in small chunks or as a
> blob with no size known until the end of the transaction.
> 
> 
> What it comes down to is that you need to know exactly what you are
> looking for in the protocol, and use the appropriate ACL types to
> match with. Which in turn requires knowing what ACLs you have
> available and how to use them to construct *_access rules matching
> your needs.
> 
> 
> When you do have to make abnormal things happen be as precise and
> specific as you can. Every bit of fuzz/approximation *will* cause
> trouble at some point during production traffic.
> 
> 
> So, why are you doing this?
> 
> Amos
> 
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org 
> http://lists.squid-cache.org/listinfo/squid-users
> 
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org 
> http://lists.squid-cache.org/listinfo/squid-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJVDDBXAAoJENNXIZxhPexGeJYIAJdUgDYAW8YS7AQSCcJ9XT/S
Ln65rhi5xYgxlJFUdRhlySiqfqueJpbfwm++QkVUXx/tsa7tCMTDpB882nPydtl+
0BkDseYHjwu+kVbBweXAJXvRoo74zNjXmAVv4Ib4o92Pnz8WAElxB8zJpB/zw4LH
ZQaw3e0e82OGCDcsrd/yYsWR5nDYP00KQQcKglf4gaajJP2Gy6GaNOORcbdsBiOR
Ypzcw/0mEpVIVYtvz3F5y46gsa5I0ocacwo+6S8UYiMEejOqMH/t/yFCsG5t1G/1
8Q3Vvr/77KR2K7MJkliFnjbEguItFPu2m8bnNIr0am08g5SnBmjqvgrGiHhHDdA=
=1Ocj
-----END PGP SIGNATURE-----

More information about the squid-users mailing list