On 27/10/2015 7:42 a.m., De Lazzari Matteo wrote: > > Hi, is it possible to use Active directory groups in delay pools > configuration? Yes. Although to do it easily will require a Squid-3.4 or later where transaction annotations are available. Also a helper that sends back the group=X to Squid about what group(s) the user is in (could be auth helper or external ACL helper). So far only the kerberos auth helper does that and it sends the SSID value as the group=X value for all the groups listed in the Kerberos token. With a helper returning the group names to Squid, a "note" type ACL can be used to check the group=X annotation values in any access control rules. Including delay_access. > And someone can tell me an example about how to use > class 5 delay pool? > That delay pool requires that an external_acl_type helper is being used and sending some tag=X back to Squid to attach 'tag' each request / transaction. That helper has to be tested on one of the *_access rules where async / slow group lookups will work. The delay_access rules will *not* work since they are a fast-group check. http_access is the usual place and the heper decides both whether to allow use of Squid and what to tag the request with. You define the pool to be of class 5 with a Bytes/sec rate: delay_pools 1 1 delay_parameters 1 5 20480 You define delay_access to match for the requests that are to have that pools traffic rate limit applied: delay_access 1 allow localnet Squid will automatically arrange so each unique tag=X value the helper assigns to those pooled requests will have a pool. All requests to which the helper replies 'tag=ZZ' will share a one pool, but requests the helper replies with 'tag=YY' will have a different pool. etc. Requests not having a tag at all share one pool (I think, havent checked that). That is it. The difficult bits are that only one tag= value can be assigned to a transaction, attempts to repeat or alter one assigned wont work, and that detail about the async/slow access lists being the only ones where the helper can be checked. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
