Re: Delay pools problem

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Chris Robertson wrote:
> Augusto Casagrande wrote:
> > Hi everyone.
> > I'm having delay pools issues.
> > I've had declared 3 delay pools , and i'had made 3 different groups in
> > 3 text files, each file contains the name of the user corresponding to
> > the navegation speed
> > I'had declared INFO as the highest privilege group, GRAL as standard
> > navegation group , and REST as restricted navegation group.
> > My problem , is that apparently my rule is not work, as all the users
> > ara allowed in the delay_pool 1, and nobody are allowed in the other 2
> > delay_pools.
> > I guess the problem is in the delay_access section...?
> >
> > My squid.conf section :
> >
> > delay_pools 3
> >
> > delay_class 1 3
> > delay_class 2 3
> > delay_class 3 3
> >
> > delay_access 1 allow info !gral !rest
> >   
>
> While explicit as it is, this line would be better expressed (and 
> simpler for Squid to parse) as...
>
> delay_access 1 allow info
>
> ...assuming "info", "gral" and "rest" don't have any overlap.  If there 
> is overlap, the original is fine.
>
> > delay_access 1 deny gral rest
> >   
>
> This line says deny access to delay pool 1 for the intersection of gral 
> AND rest.
> Since there are no further delay_access rules for pool 1, there is an 
> implicit "delay_access 1 allow all" after.  What you should have is...
>
> delay_access 1 deny all
>
> > delay_access 2 allow gral !rest
> >   
>
> delay_access 2 allow gral
>
> > delay_access 2 deny rest
> >   
>
> delay_access 2 deny all
>
> > delay_access 3 allow rest
> > delay_access 3 deny all
> >
> > delay_parameters 1 -1/-1 -1/1024000 15000/512000
> > delay_parameters 2 -1/-1 30000/1024000 7000/512000
> > delay_parameters 3 -1/-1 30000/1024000 3000/512000
> >
> > acl info proxy_auth_regex -i "/etc/squid/info.txt" REQUIRED
> > acl gral proxy_auth_regex -i "/etc/squid/gral.txt" REQUIRED
> > acl rest proxy_auth_regex -i "/etc/squid/rest.txt" REQUIRED

That should be:

 acl ... proxy_auth REQUIRED

or
 acl ... proxy_auth -i list-of-usernames

or
 acl ... proxy_auth_regex -i list-of-usernames

Not a combo of the three on one line.

Using "REQUIRED" accepts _any_ valid usernames. It clashes with setting 
a list of specific usernames which are allowed.

> I have to imagine that the delay_parameters and ACLs are defined above 
> the delay_access lines that reference them, as Squid reads the config 
> file in a linear fashion.
>
> > Thanks in advice !
> >   
>
> Chris

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13