On Wed, Jan 13, 2010 at 11:48 AM, Matus UHLAR - fantomas
<uhlar@xxxxxxxxxxx> wrote:
> On 07.01.10 10:18, Niti Lohwithee wrote:
>> I 'm using Squid stable 2.5 stable 14 running on Linux ES 4 . My
>> server use NCSA for authentication.
>
> that's damn old version...
>
>> I have faced a problem about proxy sharing. Some users have set the
>> another proxy server--CCproxy-- and point to my proxy. I can not
>> prevent it to share using proxy.
>
> what kind of problem do you encounter? Why can't your users use
> intermediarte proxies?
>
>> Anyone please give me some advics, How to block it ?
>
> you could see what headers do those proxies add to requests and deny all
> requests containing those headers. Note that users apparently can disable
> adding of those headers...
If the proxy is authenticated you can set the max_user_ip parameter;
if it's not the most effective tool is IMO delay pools. Define a
"sufficient" bandwidth per client IP (e.g. with an high startup
availability and slow refill). Those who share, will have to share the
bandwidth, and the user experience will quickly degrade. This will
give people good incentive not to share "too much".
Alternatively, just talk to the biggest resource hogs, and remind them
that whatever happens from their IP address is their responsibility.
Many will just stop when they know you're onto them.
--
/kinkie
