Did you read http://wiki.squid-cache.org/Features/DelayPools ??

On Tuesday 15 June 2010 14:42:13, Jorge Perez wrote:
> Hello, we are implementing a squid proxy server in my office.
>
> The principal idea is to limit bandwidth using delay pools and also block
> some websites.
>
> We have made our config and it's working, but we don't know if everything is
> correct, especially in the delay pools part.
>
> **Introduction:
>
> We have dedicated broadband with:
> 4MB FOR INTERNATIONAL TRAFFIC
> 100MB FOR NATIONAL
> PROXY: 192.168.169.3
> GATEWAY: 192.168.169.2
> Users: like 150 daily
>
> **We want to divide our internal LAN into 5 groups with the following rules
> PER USER.
>
> GROUP 1: normales from 192.168.169.30 to 192.168.169.129
>
> -If a user exceeds 10mb when downloading a file, limit to 10kb of download
> speed.
>
> GROUP 2: tecnicos from 192.168.169.130 to 192.168.169.149
>
> -File bigger than 50mb, limit to 30kb
>
> GROUP 3: administrador 192.168.169.150 to 192.168.169.189
>
> -File bigger than 100mb, limit to 30kb
>
> GROUP 4: estudio 192.168.169.190 to 192.168.169.219
>
> -No downloads for files or very slow, but free web surfing including
> youtube.
>
> GROUP 5: gerencia 192.168.169.220 to 192.168.169.252
>
> -Everything unlimited
>
> **We want to block the following sites from 192.168.169.1 to
> 192.168.169.129:
>
> BLOCK:
> .facebook.com .twitter.com .doubleclick.com .fotolog.com
> .warez-bb.org .fotolog.cl .chilewarez.org .rapidshare.com .megaupload.com
> .rapidshare.de .mediafire.com .hotfile.com .myspace.com .fotolog.terra.cl
> .fotologs.com .portalnet.cl .taringa.net .antro.cl .chilewarez.cl
> .chilebt.com .shared.cl .comparte.cl .mininova.org .torrentz.com
> .flickr.com .flicker.net .keepvid.com .kotteshiro.com .no-ip.org
> .no-ip.com .redtube.com .xnxx.com .muyzorras.com .bananacorp.cl
> .orgasmatrix.com .depositfiles.com
>
> **From: 192.168.169.130 to 192.168.169.149
> BLOCK: Same as above except facebook.com
>
> **Deny from 192.168.169.1 to 192.168.169.29 DOWNLOADING THE FOLLOWING
> EXTENSIONS: .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg
> .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
>
> We don't know if the rules per group are possible with the bandwidth we
> have; also, everyone surfs YouTube a lot, and we need that not to eat so much
> bandwidth.
>
> Here is our current squid.conf
>
> http_port 192.168.169.3:3128 transparent
> cache_dir ufs /usr/local/squid/var/cache 250 16 256
> cache_effective_user squid
> cache_effective_group squid
> access_log /usr/local/squid/var/logs/access.log squid
> ################################
> acl localnet src 192.168.169.0/255.255.255.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #### BLOCKED SITES #####
> acl restobb src 192.168.169.1-192.168.169.129
> acl sucky_urls dstdomain .facebook.com .twitter.com .doubleclick.com .fotolog.com .warez-bb.org .fotolog.cl .chilewarez.org .rapidshare.com .megaupload.com .rapidshare.de .medi$
> deny_info http://www.xxxxxxx.xx/error.html sucky_urls
> http_access deny restobb sucky_urls
> ######################## NO DOWNLOADS #####
> acl resto src 192.168.169.1-192.168.169.29/32
> acl descargas_negadas url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
> deny_info http://www.xxxxxxxxxx.xx/error.html descargas_negadas
> http_access deny resto descargas_negadas
> ######################## ALMOST BLOCKED SITES ###############
> acl restobb2 src 192.168.169.130-192.168.169.149
> acl sucky_urls2 dstdomain .twitter.com .doubleclick.com .fotolog.com .warez-bb.org .fotolog.cl .chilewarez.org .rapidshare.com .megaupload.com .rapidshare.de .mediafire.com .de$
> deny_info http://www.xxxxxxxx.xx/error.html sucky_urls2
> http_access deny restobb2 sucky_urls2
> ########################
> http_access allow CONNECT SSL_ports
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> ########################
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> ##############################
> http_reply_access allow localnet
> http_reply_access deny all
> #############################
> # DOWNLOAD RULES
> acl normales src 192.168.169.30-192.168.169.129/32
> acl tecnicos src 192.168.169.130-192.168.169.149/32
> acl administrador src 192.168.169.150-192.168.169.189/32
> acl estudio src 192.168.169.190-192.168.169.219/32
> acl gerencia src 192.168.169.220-192.168.169.252/32
> acl descargas url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
>
> delay_pools 5
>
> delay_class 1 1
> delay_parameters 1 10240/10485760 10240/10485760
> delay_access 1 allow normales descargas
> delay_access 1 deny all
>
> delay_class 2 1
> delay_parameters 2 30720/104857600 30720/104857600
> delay_access 2 allow tecnicos descargas
> delay_access 2 deny all
>
> delay_class 3 1
> delay_parameters 3 30720/104857600 30720/104857600
> delay_access 3 allow administrador descargas
> delay_access 3 deny all
>
> delay_class 4 1
> delay_parameters 4 -1/-1 -1/-1
> delay_access 4 allow gerencia descargas
> delay_access 4 deny all
>
> delay_class 5 1
> delay_parameters 5 10240/10240 10240/10240
> delay_access 5 allow estudio descargas
> delay_access 5 deny all
>
> I hope that you guys can help us out to achieve what we are looking
> for.
>
> You can see this more clearly at
> http://www.linuxquestions.org/questions/showthread.php?p=4004534#post4004534
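
An added example (not written by either poster and not Squid project code): the per-user limits described in the quoted message, expressed as class 2 delay pools. The quoted config declares every pool as class 1, which has only one aggregate bucket shared by all matching clients, while class 2 adds an individual bucket per client chosen from the last octet of the IPv4 address. The ACL names `descargas_ext` and `ftp_req`, the shortened extension list and the anchored regex are assumptions of this example.

```conf
# Added example, not the poster's config. Group ranges come from the quoted message.
acl normales      src 192.168.169.30-192.168.169.129
acl tecnicos      src 192.168.169.130-192.168.169.149
acl administrador src 192.168.169.150-192.168.169.189
acl estudio       src 192.168.169.190-192.168.169.219

# Assumed ACL names; extension list shortened. The dot is escaped and the match is
# anchored to the end of the path: an unescaped "." matches any character and a
# bare "ftp" matches anywhere in the URL.
acl descargas_ext urlpath_regex -i \.(exe|mp3|zip|rar|iso|avi|mpg|mov)(\?.*)?$
acl ftp_req proto FTP

# gerencia (unlimited) gets no pool: a request matching no "delay_access allow" is not delayed.
delay_pools 4

# Class 2 syntax: delay_parameters <pool> <aggregate> <individual>, each restore(bytes/s)/max(bytes).
# -1/-1 leaves the aggregate bucket unlimited, so only the per-client bucket applies.

# normales: 10 MB per-client bucket, refilled at 10 KB/s
delay_class 1 2
delay_parameters 1 -1/-1 10240/10485760
delay_access 1 allow normales descargas_ext
delay_access 1 allow normales ftp_req
delay_access 1 deny all

# tecnicos: 50 MB bucket as stated in the message (the quoted config uses 104857600), 30 KB/s
delay_class 2 2
delay_parameters 2 -1/-1 30720/52428800
delay_access 2 allow tecnicos descargas_ext
delay_access 2 allow tecnicos ftp_req
delay_access 2 deny all

# administrador: 100 MB bucket, refilled at 30 KB/s
delay_class 3 2
delay_parameters 3 -1/-1 30720/104857600
delay_access 3 allow administrador descargas_ext
delay_access 3 allow administrador ftp_req
delay_access 3 deny all

# estudio: matching downloads held to about 10 KB/s; ordinary browsing is not in the pool
delay_class 4 2
delay_parameters 4 -1/-1 10240/10240
delay_access 4 allow estudio descargas_ext
delay_access 4 allow estudio ftp_req
delay_access 4 deny all
```

The individual bucket belongs to the client address rather than to a single file: it drains across all of that client's matching downloads and refills at the restore rate. `squid -k parse` checks the file for syntax errors before a reload.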