Thu Sep 22, 2011 7:18 am
Maybe I understood the question wrong. I thought he didn't want to proxy large file transfers using a transparent proxy. Transparent proxies work via NAT. You can't do L7 filters on HTTP downloads until the HTTP header shows up, which is at the earliest in packet number 4. At that point you can't NAT anymore, and thus can't transparently proxy anymore at all. Or stop transparently proxying, for that matter, because you're locked into whatever you did to the first packet.
If you're right and he wants to just prevent all large downloads completely, then yeah, by waiting for the content header or just dropping based on connection-bytes you can kill all large downloads.
I'd be irate as a customer, though. Sometimes I want to download large files. Prevent that and you'll stop getting money from me pretty damn quick.
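As an added illustration of the two options discussed in the post above (not the poster's own configuration): this assumes MikroTik RouterOS, since "L7" and "connection-bytes" are its matcher names, and the 100 MB threshold, the 8080 proxy port and the ether2 LAN interface are constructed sample values.

```routeros
# Option A: transparent proxy. The redirect is a NAT decision, so it is
# taken on the first packet (the SYN) of each connection and cannot be
# revisited once the HTTP header arrives a few packets later.
/ip firewall nat
add chain=dstnat in-interface=ether2 protocol=tcp dst-port=80 \
    action=redirect to-ports=8080 comment="constructed example: transparent proxy"

# Option B: no proxy, just kill large downloads. connection-bytes=N-0 matches
# once more than N bytes (both directions) have crossed the connection, so
# any HTTP transfer over ~100 MB is dropped mid-stream, exactly as the post
# warns a customer would notice.
/ip firewall filter
add chain=forward protocol=tcp dst-port=80 connection-bytes=104857600-0 \
    action=drop comment="constructed example: drop HTTP transfers over 100 MB"
```

The two rules are alternatives, not a pair: traffic redirected by Option A terminates on the router's proxy and never traverses the forward chain that Option B filters.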