Amos Jeffries wrote:
On Sun, 09 Aug 2009 15:03:10 +0100, Dayo Adewunmi <contactdayo@xxxxxxxxx> wrote:
Amos Jeffries wrote:
Dayo Adewunmi wrote:
Amos Jeffries wrote:
Dayo Adewunmi wrote:
Hi
Is this a valid config line?
delay_access 6 allow lan-students magic_words url_words
Maybe.
Are "lan-students", "magic_words" and "url_words" the names of defined ACLs?
Or do I need one for each acl?
You imply that they are, which makes the answer to the first
question yes. And the second question:
maybe yes, maybe no.
Since question 2 requires that we are psychic and can understand
both what you intend to do with that single line and what the rest
of your configuration looks like. There is no way we can do any
better answers.
Amos
Sorry about that. Yes, the three are ACLs. lan-students is a /24 IP range
acl magic_words url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
acl url_words url_regex -i ictp
Um, yes, those really are "words"; with regex like that they can appear anywhere in the URL at all.
For example www.prettyavians.com will match magic_words, as will
example.com/drawings/index.html and
http://google.com/search?q=foo&ts=asuhihvrpmsvsd
This is the complete delay pool definition for these ACLs:
delay_class 6 3
delay_parameters 6 800/4000 1000/1000 600/800
delay_access 6 allow lan-students magic_words url_words
delay_access 6 deny all
I want lan-students to never use more than 4000 bytes of my bandwidth, and for the same to apply to users (including those in a different delay pool) who download .mp3s, .zips, or use FTP to have this same restriction. This 4000 bytes limit should also apply to those who access websites with 'ictp' in the URL.
So, basically, any user who downloads mp3s and such, uses FTP, navigates to ictp domains, should have their requests handled by the 6th delay pool: 800/4000 1000/1000 600/800, i.e. actually 600 bytes refresh/800 bytes max.
Dayo
Take what you just explained and write your access lines that way...
(delay lan-students)
delay_access 6 allow lan-students
(or anyone using FTP)
acl ftp proto FTP
delay_access 6 allow FTP
(or anyone downloading .mp3s etc)
acl bad_downloads url_regex -i \.mp3(\?.*)?$
delay_access 6 allow bad_downloads
(or any URL with ictp in it)
delay_access 6 allow url_words
(but that's all)
delay_access 6 deny all
Note the regex I use above to match .mp3 file extensions. With all
extra code characters it will only match at the end of a URL file name.
Amos
Would the below delay pool definition work?
No. The regex is not valid. see below.
Is there a difference/advantage of putting each ACL in its own line, or is it all the same?
Yes there is a difference.
http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-57610c67cac987182f6055118dd6d29e1ccd4445
All the items listed in an ACL name are OR'd together. (any _one_ may match)
All items on the same *_access line are AND'd together. (_all_ must match)
acl bad_downloads url_regex -i [.mp3$|.exe$|.mp3$|.vqf$|.tar.gz$|.gz$|.rpm$|.zip$|.rar$|.avi$|.mpeg$|.mpe$|.mpg$|.qt$|.ram$|.rm$|.iso$|.raw$|.wav$]
[] means any single character between.
meaning your regex may as well be written [.mp3$exvqftarpimsow|] and
matches every URL possible.
What I think you meant is:
acl bad_downloads url_regex -i \.(mp(3|g|eg?)|exe|vqf|gz|rpm|zip|avi|qt|ra?m|iso|raw|wav)(\?.*)?$
acl ftp_downloads proto FTP
delay_class 6 3
delay_parameters 6 800/4000 1000/1000 600/800
delay_access 6 allow lan-students bad_downloads ftp_downloads
lan-students
Will block the bad word files only if being downloaded via FTP by a student.
Students downloading via HTTP will be non-delayed, any people who are not students will be non-delayed, any FTP access which is not a bad download will be non-delayed.
delay_access 6 deny all
Dayo
Amos
Thank you, Amos. You've been a huge help with this! :-)
Dayo
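
The matching rules discussed in this thread, as an added example (not code from the thread or from Squid): it runs the three url_regex forms over sample URLs and evaluates delay_access lines with OR inside an ACL, AND across one line, first matching line wins. Assumptions: Python's re stands in for Squid's regex library, the "student" flag stands in for the /24 src ACL, proto FTP is modelled by the URL scheme, and the anchored pattern uses an optional query-string group `(\?.*)?$` and a plain `gz` alternative.

```python
import re

# Each list is OR'd, like several values on one squid "acl" line.
MAGIC_WORDS = ("ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe "
               ".mpg .qt .ram .rm .iso .raw .wav").split()
BRACKETED = ["[.mp3$|.exe$|.mp3$|.vqf$|.tar.gz$|.gz$|.rpm$|.zip$|.rar$|.avi$"
             "|.mpeg$|.mpe$|.mpg$|.qt$|.ram$|.rm$|.iso$|.raw$|.wav$]"]
ANCHORED = [r"\.(mp(3|g|eg?)|exe|vqf|gz|rpm|zip|avi|qt|ra?m|iso|raw|wav)(\?.*)?$"]

def url_regex(patterns, url):
    """url_regex -i: true when any one pattern matches anywhere in the URL."""
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)

# Hypothetical stand-ins for the ACLs named in the thread.
ACLS = {
    "lan-students": lambda r: r["student"],
    "bad_downloads": lambda r: url_regex(ANCHORED, r["url"]),
    "ftp_downloads": lambda r: r["url"].lower().startswith("ftp://"),
    "url_words": lambda r: url_regex(["ictp"], r["url"]),
    "all": lambda r: True,
}

def delay_access(rules, acls, req):
    """First line whose ACLs ALL match decides; True means the pool applies."""
    for action, names in rules:
        if all(acls[n](req) for n in names):
            return action == "allow"
    return False

# One combined line (AND of three ACLs) versus one ACL per line (OR of lines).
ONE_LINE = [("allow", ["lan-students", "bad_downloads", "ftp_downloads"]),
            ("deny", ["all"])]
PER_LINE = [("allow", ["lan-students"]), ("allow", ["ftp_downloads"]),
            ("allow", ["bad_downloads"]), ("allow", ["url_words"]),
            ("deny", ["all"])]

# Constructed sample requests.
STAFF_HTTP_MP3 = {"student": False, "url": "http://example.com/song.mp3"}
STUDENT_FTP_ISO = {"student": True, "url": "ftp://example.com/disk.iso"}
STAFF_HTML = {"student": False, "url": "http://example.com/index.html"}

if __name__ == "__main__":
    for url in ("http://www.prettyavians.com/", "http://example.com/a.MP3?dl=1"):
        print(url, url_regex(MAGIC_WORDS, url), url_regex(BRACKETED, url),
              url_regex(ANCHORED, url))
    for req in (STAFF_HTTP_MP3, STUDENT_FTP_ISO, STAFF_HTML):
        print(req, delay_access(ONE_LINE, ACLS, req), delay_access(PER_LINE, ACLS, req))
```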