Amos, Thank you very much for your answer, that's explain why the same configuration was OK in our lab with a /24 but not in our client architecture which is in /8. However, you suggest "tcp_outgoing_tos", do you confirm that is gonna use the kernel to proceed of limiting bandwith? best regards, Romain 2011/10/7 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > On 07/10/11 22:35, Romain wrote: >> >> Hi, >> >> We'd like to limit our bandwith / file type with using ACL and delay >> pool. Our Squid (2.6e21) is configured as a reverse proxy, in front of >> a apache server (2.2.3) >> >> - We don't have any error starting Squid but the delay pool seams not >> working. >> - If you use acl with http_deny directive, there no problem and files >> are not allowed to be download. >> - We also tried to use delay_class 1 with ACL all and it's not working. >> > > Problem #1: You said "reverse proxy" > > Squid delay pools are designed for forward proxy. They work with a pool > resolution of /16 through to /32. Larger networks /8 or in reverse-proxy > case of /0 get lots of overlapping and people sharing bandwidth counters. > > You would be better using tcp_outgoing_tos and the ACL to send a > TOS/DiffServ marker for some OS rules to do rate-limiting with. > > >> Here you have the delay pool configuration: >> >> #ACL identifiant les fichiers hebdomadaires, mensuels et complets >> acl fichiers url_regex -i \^*ful25.m25$ \^*m25.m25$ \^*cur25.m25$ > > So.... > acl fichiers url_regex -i (ful|m|cur)25.m25$ > >> >> #Declaration des pools de gestion de bande passante >> delay_pools 2 >> >> #definition du pool concernant les fichiers volumineux. >> #Chaque poste d'un réseau dispose de 30Ko/s de bande passante, >> #un sous réseau de classe C dispose de 50 Ko/s >> #et la totalité des postes demandant ce type de fichiers disposent de >> 1Mo/s >> delay_class 1 3 >> delay_access 1 allow fichiers >> delay_access 1 deny all >> delay_parameters 1 1048576/1048576 50200/50200 30720/50200 >> >> #definition du pool pour les autres fichiers >> #Aucune limite n'est positionnée pour le moment >> delay_class 2 3 >> delay_access 2 deny fichiers >> delay_access 2 allow all >> delay_parameters 2 -1/-1 -1/-1 -1/-1 > > This #2 pool is useless. "-1/-1" means no-limit. > > BUT, not limiting the !fichiers group is what the delay_access lists for > pool #1 already said. > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.15 > Beta testers wanted for 3.2.0.12 >
