Re: maxconn acl with acl_uses_indirect_client

I think I have found client_db:
It verifies that client_db includes the "client address", not the "indirect
client address", even if "acl_uses_indirect_client=on":


 mgr:client_list

HTTP/1.0 200 OK
Server: squid/3.1.9
Mime-Version: 1.0
Date: Fri, 28 Jan 2011 12:57:35 GMT
Content-Type: text/plain
Expires: Fri, 28 Jan 2011 12:57:35 GMT
Last-Modified: Fri, 28 Jan 2011 12:57:35 GMT
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: MISS from localhost.localdomain:3129
Via: 1.0 localhost.localdomain (squid/3.1.9)
Connection: close

Cache Clients:
Address: 127.0.0.1
Name:    localhost.localdomain
Currently established connections: 36
    ICP  Requests 0
    HTTP Requests 217
        TCP_MISS                 216 100%
        TCP_DENIED                 1   0%

TOTALS
ICP : 0 Queries, 0 Hits (  0%)
HTTP: 217 Requests, 0 Hits (  0%)



Squid is (squid/3.1.9).
The previous proxy is Dansguardian, and users have the dansguardian port
as their proxy configuration.

--
Oguz YILMAZ



On Fri, Jan 28, 2011 at 2:52 PM, Oguz Yilmaz <oguzyilmazlist@xxxxxxxxx> wrote:
> To sum up, I think maxconn acl directive does not rely on indirect
> client addresses in case of "acl_uses_indirect_client=on".
>
>
> follow_x_forwarded_for allow all
> acl_uses_indirect_client on
> client_db on
> acl maxconn-per-client maxconn 2
> acl client-192.168.0.1 src 192.168.0.1/32
> http_access deny maxconn-per-client client-192.168.0.1
>
>
> In such a configuration, when I debug squid through cache.log, it returns
> true for 192.168.0.1 (that is, acl_uses_indirect_client works), but
> never returns "acl maxconn-per-client maxconn 2" true even when it
> should.
>
> To attest I added "client_ip_max_connections 2" just after "client_db on" line.
>
> In the log I see
>
> 2011/01/28 14:44:41| WARNING: 127.0.0.1:35383 attempting more than 2
> connections.
> 2011/01/28 14:44:41| httpAccept: FD 13: accept failure: (0) Success
>
> To attest I get mgr:info
>        Number of clients accessing cache:      1
> (network is about 25 PCs)
>
> This makes me think that client_db has the client information as
> 127.0.0.1, the previous proxy IP, even if I enabled
> acl_uses_indirect_client.
>
> 1- Is it true?
> 2- How can I see the client_db database?
> 3- How can I apply per "indirect client" connection limiting in squid?
>
>
> Note:
> This configuration correctly works for indirect client ip address. So
> I assume "acl_uses_indirect_client on" is working.
> follow_x_forwarded_for allow all
> acl_uses_indirect_client on
> client_db on
> acl oguz src 192.168.0.170/255.255.255.255
> tcp_outgoing_address 172.16.1.1 oguz
>
> Best Regards,
>
> --
> Oguz YILMAZ
>
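
Added example (not part of the original messages, and not Squid's own code): a Python check that parses a mgr:client_list report in the layout shown above and reports whether client_db holds only loopback or front-end proxy addresses, which is the condition the message describes, where connection limits count the proxy rather than each end user. The sample report is constructed; the function names and the `upstream_proxies` parameter are assumptions, and addresses are assumed to be plain IP literals.

```python
import ipaddress
import re

# Constructed sample in the layout of the mgr:client_list report above.
SAMPLE_REPORT = """\
Cache Clients:
Address: 127.0.0.1
Name:    localhost.localdomain
Currently established connections: 36
    ICP  Requests 0
    HTTP Requests 217
        TCP_MISS                 216 100%
        TCP_DENIED                 1   0%

TOTALS
ICP : 0 Queries, 0 Hits (  0%)
HTTP: 217 Requests, 0 Hits (  0%)
"""


def parse_client_list(report):
    """Return {address: {"connections": int, "http_requests": int}} per client_db entry."""
    clients, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line == "TOTALS":
            break  # summary section, not a client entry
        m = re.match(r"Address:\s*(\S+)$", line)
        if m:
            current = clients.setdefault(m.group(1), {"connections": 0, "http_requests": 0})
            continue
        if current is None:
            continue
        m = re.match(r"Currently established connections:\s*(\d+)$", line)
        if m:
            current["connections"] = int(m.group(1))
        m = re.match(r"HTTP\s+Requests\s+(\d+)$", line)
        if m:
            current["http_requests"] = int(m.group(1))
    return clients


def tracked_behind_proxy(clients, upstream_proxies=()):
    """True when every client_db entry is loopback or a listed upstream proxy."""
    known = {ipaddress.ip_address(p) for p in upstream_proxies}
    addrs = [ipaddress.ip_address(a) for a in clients]
    return bool(addrs) and all(a.is_loopback or a in known for a in addrs)


if __name__ == "__main__":
    db = parse_client_list(SAMPLE_REPORT)
    print(db)
    if tracked_behind_proxy(db):
        print("client_db holds only the front-end proxy address")
```
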


