On 18/11/2015 8:53 p.m., Filippo Martinelli wrote: > I'm struggling with squid delay pools. The documentation I found is very > poor and on internet there is contradictory and possibly surpassed > information. I would appreciate if you can point me to exhaustive > information on delay pools. > > First question: > > acl aclname url_regex -i \.exe > > will it match an HTTPS request ? According to my experience and from some > posts it will not, so cannot find any easy way to limit the bandwidth used > to download .exe files from an HTTPS connection. Am I missing something ? > The only suggestion google gave is to use something like "acl aclname > methoid CONNECT" but it is too generic and will not discriminate between > long .exe download or single page access on HTTPS connections. "HTTPS" is not a single thing, or message type. It is a term to describe an entire stack of multiple-layered protocols. To do anything at all with URL or any other HTTP message details in what could be termed an "HTTPS request" requires decrypting the TLS layer to find the HTTP message secured inside it. ItFrom that description it sounds to me like you are dealing with a plain-text HTTP message of method CONNECT. There is almost zero information in those. Apart from the domain name of the server the client wants to talk to and maybe the client UA device, you are out of luck using any of the more normal request/reply message details to decide on the pool. Squid should still be able to delay pool those CONNECT tunnels though. But only as a whole thing, and there are still open bugs with unknown causes. You need a fairly recent version of Squid for it to work even halfway close to "properly". For bandwidth control it is often better to use the QoS / TOS functionality provided by your OS. Squid can output per-request values for those systems to work with using qos_flows, tcp_outgoing_tos or tcp_outgoing_mark. > > Second question: > > acl streaming_exe rep_mime_type application/octet-stream > > Can rep_mime_type be used with delay_access poolNumber allow ? Again, > according to my experience and to some very old posts in internet it will > not work, but the documentation lacks this important limitation. Of the current Squid only 4.0.2 or later can do that. (re-)assiging pools based on HTTP response details was only very recently ported from Squid-2.6. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
