[squid-users] Problem with upload size limit in squid

Alex Rousskov rousskov at measurement-factory.com
Fri Feb 26 14:59:24 UTC 2021


On 2/25/21 8:44 PM, Raj Nagar wrote:

> Is there any way by which I can enforce these
> limits on other protocols as https?

If you want to enforce HTTP request size limits for HTTPS transactions,
then you have to bump TLS connections (to see HTTP inside TLS).

If you want to enforce connection limits for TLS (and other non-HTTP)
connections, then you can either enhance Squid or perhaps use some
TCP-level software that can track individual TCP connection usage. Since
this option deals with TCP connections, it cannot limit individual HTTP
uploads, only the total amount of bytes sent by the client. One TLS/TCP
connection could carry one (encrypted) request or thousands of
(encrypted) requests or even non-HTTP traffic -- Squid cannot tell
without bumping that TLS connection.

Both options have ugly drawbacks. There is no good solution for what you
want to do (if you do not control the browser).

Alex.


> On Thu, Feb 25, 2021, 23:33 Alex Rousskov wrote:
> 
>     On 2/24/21 11:51 PM, Raj Nagar wrote:
> 
>     > I am using squid as forward proxy and want to restrict upload of files
>     > larger than 1 MB. I have used following configuration for
>     > same: *request_body_max_size 1 MB*.
>     > But this is not working for me and I am able to upload larger files.
>     > Can someone please help for same. Thanks in advance
> 
>     Does your Squid have access to the HTTP request information? For
>     example, if it is an HTTPS request, and you are not bumping the
>     corresponding TLS connection, then Squid would not be working at HTTP
>     level and, hence, would not be able to limit individual HTTP request
>     sizes.
> 
>     The corresponding access.log record may tell us more about the
>     problematic transaction.
> 
> 
>     HTH,
> 
>     Alex.
> 
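
Added example, not part of the original thread and not Squid project code: a short Python script that reads access.log records, as the quoted reply suggests, and separates destinations where Squid logged individual HTTP requests (so request_body_max_size can apply) from destinations seen only as CONNECT tunnels. It assumes Squid's native access.log layout; the sample records, addresses and host names are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample records in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1614351500.101    310 192.0.2.10 TCP_MISS/200 412 POST http://files.example.net/upload - HIER_DIRECT/203.0.113.5 text/html
1614351520.417  48211 192.0.2.10 TCP_TUNNEL/200 5120 CONNECT upload.example.com:443 - HIER_DIRECT/203.0.113.7 -
1614351530.002     95 192.0.2.11 NONE/200 0 CONNECT intranet.example.org:443 - HIER_DIRECT/203.0.113.9 -
1614351530.655    220 192.0.2.11 TCP_MISS/200 398 POST https://intranet.example.org/api/upload - HIER_DIRECT/203.0.113.9 application/json
"""

RECORD = re.compile(
    r"^\S+\s+\d+\s+(?P<client>\S+)\s+(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")

def parse_records(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        if rec["method"] == "CONNECT":
            # CONNECT targets are host:port pairs, not URLs
            rec["host"] = rec["url"].rsplit(":", 1)[0]
        else:
            rec["host"] = urlsplit(rec["url"]).hostname
        records.append(rec)
    return records

def classify(text):
    """Split (client, host) pairs into those whose HTTP requests Squid logged
    and those that appear only as CONNECT tunnels (heuristic: a bumped
    connection that carried no request would also look tunnel-only)."""
    tunnels, visible = set(), set()
    for rec in parse_records(text):
        key = (rec["client"], rec["host"])
        (tunnels if rec["method"] == "CONNECT" else visible).add(key)
    return {"http_visible": sorted(visible),
            "opaque_tunnels": sorted(tunnels - visible)}

if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    for client, host in result["opaque_tunnels"]:
        print(f"{client} -> {host}: tunnel only, request sizes not visible")
    for client, host in result["http_visible"]:
        print(f"{client} -> {host}: HTTP requests logged, limit can apply")
```
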


