delay pools and ident access lists.

Hello!

I'd like to set up separate delay pools for different users of a multi-user box. Is delay_pools supposed to work with ident acls? I tried the following setup:

---
acl sunray2 src 195.208.251.171
acl user01 ident user01

ident_lookup_access allow sunray2
ident_lookup_access deny all

http_access allow sunray2 user01

delay_class 2 1
delay_access 2 allow sunray2 user01
delay_parameters 2 16384/16384
---

And it doesn't work. If I change delay_access 2 to be

delay_access 2 allow sunray2

then all traffic for sunray2 is limited to 16Kbps. So it looks like acl user01 doesn't work. But usernames are being logged in the access log:

1129142174.297   5437 195.208.251.171 TCP_MISS/200 3014657 GET http://ftp.rsu.ru/pub/FreeBSD/releases/i386/ISO-IMAGES/5.4/5.4-RELEASE-i386-disc1.iso user01 DIRECT/195.208.245.253 application/octet-stream

Enabling debug gives me this:

2005/10/12 18:36:08| aclCheck: checking 'http_access allow sunray2 user01'
2005/10/12 18:36:08| aclMatchAclList: checking sunray2
2005/10/12 18:36:08| aclMatchAcl: checking 'acl sunray2 src 195.208.251.171'
2005/10/12 18:36:08| aclMatchIp: '195.208.251.171' found
2005/10/12 18:36:08| aclMatchAclList: checking user01
2005/10/12 18:36:08| aclMatchAcl: checking 'acl user01 ident user01'
2005/10/12 18:36:08| aclMatchAclList: returning 0
2005/10/12 18:36:08| aclCheck: Doing ident lookup
2005/10/12 18:36:08| aclCheck: checking 'http_access allow sunray2 user01'
2005/10/12 18:36:08| aclMatchAclList: checking sunray2
2005/10/12 18:36:08| aclMatchAcl: checking 'acl sunray2 src 195.208.251.171'
2005/10/12 18:36:08| aclMatchIp: '195.208.251.171' found
2005/10/12 18:36:08| aclMatchAclList: checking user01
2005/10/12 18:36:08| aclMatchAcl: checking 'acl user01 ident user01'
2005/10/12 18:36:08| aclMatchUser: user is user01, case_insensitive is 0
2005/10/12 18:36:08| Top is 0x820e8e0, Top->data is user01
2005/10/12 18:36:08| aclMatchUser: returning 1,Top is 0x820e8e0, Top->data is user01
2005/10/12 18:36:08| aclMatchAclList: returning 1
2005/10/12 18:36:08| aclCheck: match found, returning 1
2005/10/12 18:36:08| aclCheckCallback: answer=1

2005/10/12 18:36:08| aclCheckFast: list: 0x827e830
2005/10/12 18:36:08| aclMatchAclList: checking sunray2
2005/10/12 18:36:08| aclMatchAcl: checking 'acl sunray2 src 195.208.251.171'
2005/10/12 18:36:08| aclMatchIp: '195.208.251.171' found
2005/10/12 18:36:08| aclMatchAclList: checking user01
2005/10/12 18:36:08| aclMatchAcl: checking 'acl user01 ident user01'
2005/10/12 18:36:08| aclMatchAclList: returning 0
2005/10/12 18:36:08| aclCheckFast: no matches, returning: 0

As far as I can understand, the 1st is the http_access check and the 2nd is the delay_access check. I took a quick look at the sources and found that delay_pools call only aclCheckFast, which checks ident access lists only if the result of an ident lookup already exists. I was hoping that forcing an ident lookup with http_access would cache the username somewhere, but this doesn't seem to work either. :( Am I doing something wrong, or will this setup not work by design?

--
Oleg Sharoiko.
Software and Network Engineer
Computer Center of Rostov State University.
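
An added example, not part of the original post and not Squid code: a small scanner for debug output in the format shown above that flags aclCheckFast evaluations which returned 0 on an ident ACL, the pattern in the second trace. The function names and the LOOKUP_TYPES set (only ident, as in the post) are assumptions of this example.

```python
import re

# Abridged from the debug output in the post (same messages, fewer lines).
LOG = """\
2005/10/12 18:36:08| aclCheck: checking 'http_access allow sunray2 user01'
2005/10/12 18:36:08| aclMatchAcl: checking 'acl sunray2 src 195.208.251.171'
2005/10/12 18:36:08| aclMatchAcl: checking 'acl user01 ident user01'
2005/10/12 18:36:08| aclMatchAclList: returning 0
2005/10/12 18:36:08| aclCheck: Doing ident lookup
2005/10/12 18:36:08| aclCheck: checking 'http_access allow sunray2 user01'
2005/10/12 18:36:08| aclMatchAcl: checking 'acl sunray2 src 195.208.251.171'
2005/10/12 18:36:08| aclMatchAcl: checking 'acl user01 ident user01'
2005/10/12 18:36:08| aclMatchAclList: returning 1
2005/10/12 18:36:08| aclCheckFast: list: 0x827e830
2005/10/12 18:36:08| aclMatchAcl: checking 'acl sunray2 src 195.208.251.171'
2005/10/12 18:36:08| aclMatchAcl: checking 'acl user01 ident user01'
2005/10/12 18:36:08| aclMatchAclList: returning 0
2005/10/12 18:36:08| aclCheckFast: no matches, returning: 0
"""

# ACL types that need an asynchronous lookup; only ident appears in the post.
LOOKUP_TYPES = {"ident"}
ACL_RE = re.compile(r"aclMatchAcl: checking 'acl (\S+) (\S+)")

def find_fast_path_misses(log):
    """Return (acl_name, acl_type) pairs that failed inside aclCheckFast."""
    misses, in_fast, last_acl = [], False, None
    for line in log.splitlines():
        msg = line.split("| ", 1)[-1]          # drop the timestamp prefix
        if msg.startswith("aclCheckFast: list:"):
            in_fast, last_acl = True, None      # a fast check begins
        elif msg.startswith("aclCheck: checking"):
            in_fast, last_acl = False, None     # a full (lookup-capable) check begins
        elif (m := ACL_RE.match(msg)):
            last_acl = (m.group(1), m.group(2)) # remember the ACL being tested
        elif msg == "aclMatchAclList: returning 0" and in_fast and last_acl:
            if last_acl[1] in LOOKUP_TYPES:
                misses.append(last_acl)         # failed with no lookup attempted
        elif msg.startswith("aclCheckFast: no matches"):
            in_fast = False
    return misses

def count_lookups(log):
    """Count how many times the full aclCheck path started an ident lookup."""
    return sum("aclCheck: Doing ident lookup" in l for l in log.splitlines())

if __name__ == "__main__":
    for name, kind in find_fast_path_misses(LOG):
        print(f"fast check failed on {kind} acl '{name}' without a lookup")
```

A flagged ACL here means the rule using it (delay_access in the post) was evaluated without the username, so the per-user rule did not apply even though http_access matched the same ACL after its lookup.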
