[squid-users] reply_body_max_size && external_acl

Thu, 07 Jun 2012 21:50:50 -0700 

I am having problems getting an external acl to work with reply_body_max_size
The steps I have taken are as follows:
1. Define the external_acl_type response_size_check_ext_acl_type

# response_size_check_{pk}_acl pk
external_acl_type response_size_check_ext_acl_type ttl=100 negative_ttl=100 
cache=0 children=2 concurrency=20 %EXT_TAG %EXT_LOG 
/usr/share/bin/ext_acl_payload_check -c 20 --key=response_size_restriction

2. Create a number of acl's using this type in squid.conf, for example, then 
applying it to reply_body_max_size

acl response_size_13_acl external response_size_check_ext_acl_type 13
http_reply_access allow response_size_13_acl !all
reply_body_max_size 13 MB response_size_13_acl !all

The '13' argument is to tell the external acl what the size restriction is 
going to be
the next line tests the acl, caching the result as external acl's are 'slow'
the final line, I am expecting to get the cached result and limit max_size to 
13MB if 'response_size_13_acl' returns OK.

This is the log from the external acl, which suggests the acl is called and it 
returns OK

2012-06-08 14:23:18,785 
advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check 
[24441:177142764] INFO: KEY IS response_size_restriction
2012-06-08 14:23:18,786 
advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check 
[24441:177142764] INFO: addval ['13']
2012-06-08 14:23:18,786 
advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check 
[24441:177142764] INFO: VALUES - [13]
2012-06-08 14:23:18,786 
advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check 
[24441:177142764] INFO: Begining value checking loop
2012-06-08 14:23:18,786 
advance.policy.management.commands.ext_acl_payload_check@ext_acl_payload_check 
[24441:177142764] INFO: Other Value type found - ie int
2012-06-08 14:23:18,787 advance.utils.management.base@base [24441:177142764] 
INFO: ext_acl_payload_check Response: '0 OK'

I have tried other 'slow' acl's using this method and it appears to work fine, 
for example

#TEST USER ACL
acl test_user proxy_auth "/usr/blocked/users_1.txt"
#testing fast/slow performance against cache for reply_body_max_size
http_reply_access allow test_user !all
reply_body_max_size 1 MB test_user

Any thoughts would be most welcome

Reply via email to