To sum up, I think the maxconn acl directive does not rely on indirect client addresses in case of "acl_uses_indirect_client=on".

    follow_x_forwarded_for allow all
    acl_uses_indirect_client on
    client_db on
    acl maxconn-per-client maxconn 2
    acl client-192.168.0.1 src 192.168.0.1/32
    http_access deny maxconn-per-client client-192.168.0.1

In such a configuration, when I debug squid through cache.log, it returns true for 192.168.0.1 (that is, acl_uses_indirect_client works), but never returns "acl maxconn-per-client maxconn 2" true even when it should.

To attest, I added "client_ip_max_connections 2" just after the "client_db on" line. In the log I see:

    2011/01/28 14:44:41| WARNING: 127.0.0.1:35383 attempting more than 2 connections.
    2011/01/28 14:44:41| httpAccept: FD 13: accept failure: (0) Success

To attest, I get from mgr:info:

    Number of clients accessing cache: 1

(The network is about 25 PCs.)

This makes me think that client_db has client information as 127.0.0.1, the previous proxy IP, even if I enabled acl_uses_indirect_client.

1- Is it true?
2- How can I see the client_db database?
3- How can I apply per "indirect client" connection limiting in squid?

Note: This configuration works correctly for the indirect client IP address, so I assume "acl_uses_indirect_client on" is working.

    follow_x_forwarded_for allow all
    acl_uses_indirect_client on
    client_db on
    acl oguz src 192.168.0.170/255.255.255.255
    tcp_outgoing_address 172.16.1.1 oguz

Best Regards,

--
Oguz YILMAZ