Restricting download limit in Squid

squid

I wanted to restrict the download limit in the Squid proxy so I added the following two lines in the squid.conf.

acl officelan dst 192.168.1.0/24

reply_body_max_size 30000000 deny officelan

Now, I want to allow some/particular IP to download more than 30MB limitation so I included another acl as alowedip and included the following lines but this is not working.

acl allowedip dst 192.168.1.81

reply_body_max_size 0 allow allowedip

How do I allow acl allowedip to have unlimited download ?

Warm Regards

Supratik

Best Answer

Squid checks for matches in the order they are written in the conf file from top to bottom.

Make sure that the 

reply_body_max_size 0 allow allowedip

is before the 

reply_body_max_size 30000000 allow officelan

If you're using a new (>v3) version of squid then there is no need for the allow and deny e.g.

reply_body_max_size 0 allowedip
reply_body_max_size 30000000 officelan

EDIT

Tested using centos 5.5 and squid 2.6.STABLE21 2 machines on the same network as the proxy. Here's the relevant entries from my squid.conf

acl t1 src 192.168.254.200
acl t2 src 192.168.254.0/24

http_access allow t1
http_access allow t2

reply_body_max_size 0 allow t1
reply_body_max_size 100000 allow t2

This works as expected - reducing the byte size in the second statement (and restarting squid) eventually causes squid to refuse the transfer.

Related Topic