[squid-users] reply_body_max_size not always enforced

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Nov 1 11:22:27 UTC 2019


On 01.11.19 09:22, Eduard Weissmann wrote:
>I've configured Squid to block large resources:
>
>reply_body_max_size 50 MB all
>
>Blocking works for some urls, (HTTP/1.1):
>http://download.thinkbroadband.com/1GB.zip
>
>But it does not work for others (HTTP/2):
>https://upload.wikimedia.org/wikipedia/commons/0/0b/Sandro_Botticelli_-_La_nascita_di_Venere_-_Google_Art_Project_-_edited.jpg
>
>I'm wondering: why is the second URL not blocked? Is it because the
>response is HTTP/2?

I assume it's not blocked because it's https, thus ('s' meas secure)
encrypted and squid only sees TCP tunnel made through it, not any requests
and responses, so it can't block either.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.


More information about the squid-users mailing list