Exclude external ip's from squid

despotadmin · May 11, 2009, 8:42 AM

Hi everyone,

I'm using pfsense 1.2.2 with squid&squidguard. Squid configuration has "Maximum download size" to 1GB. This way user can't download any material large than 1GB . But i want to exclude some sites or file extension this limit. For example OpenSuse iso :4.2GB or any iso file like this. I search forums and web bu i can't find about this. How can i make it?

Thanks.

Gloom · May 12, 2009, 7:25 AM

You'll need to create a new acl in your squid.conf file with a line something like this

acl allowfile urlpath_regex "/etc/squid/allow-file-byextension.acl"

Then in the file allow-file-byextension.acl you need something like this

.[Ii][Ss][Oo]$

save the file, restart squid and test.

despotadmin · May 12, 2009, 9:06 AM

I did it but no success. But i solve the problem.

In squid.conf have :

reply_body_mаx_size 4250000 аllow аll

I add new acl and change this line to below


acl iso urlpath_regex \.[Ii][Ss][Oo]$
reply_body_mаx_size 0 аllow iso
reply_body_mаx_size 200000 аllow аll

This way users can download all size .iso files and 200MB max other files.

Ofcourse when i save the Webgui these line are gone!

mhab12 · May 12, 2009, 2:34 PM

Make your changes in squid.inc - this way they will be saved even when you press 'save' in the web GUI.

despotadmin · May 13, 2009, 6:38 AM

@mhab12:

Make your changes in squid.inc - this way they will be saved even when you press 'save' in the web GUI.

Thanks for tip.

jigpe · May 13, 2009, 10:40 AM

Good evening. Is it possible also to use private proxy host and port? Instead of using the default proxy server ip and port 3128 of pfsense? kindly show mee the way how to do this?I think its in the Squid proxy server > Custom but im not sure though its not working when i put proxy_private_ip:port… Thanks
jipg
Davao City