I want to limit max simultanious connections for any user in group foo, and also limit how may different IPs they can have devices logged in from at any one time. I've had squid3 working well with a very simple policy for years just allowing access from two different ip ranges, but now want to make my proxy server available to others. I have things working well with one group called foo listing some names, after using something very similar to the recommended minimum defaults. acl foo proxy_auth user1 dumbuser someoneelse But when I add the lines below to try and set a limit for group fooI can not connect at all, get a connection denied error. acl foo maxconn 15 acl foo max_user_ip -s 5 And these were the last httpaccess lines http_access deny !foo #http_access allow localnet I am very new to anything other than some very basic configuration, so may be misunderstanding almost anything, so all help will be well received even if it just confirms something I thought. Also if I want to make a more restrictive policy, i.e. fewer connections for folks not in group fooam I correct in thinking it would go before, the foo rule? I guess I'd either make another groupand give them access and change foo's access to allow insteal of deny, or is there a better way? Sometimes I think I understand the basic rules about order and such pretty weell, but feel confused at the moment...lol Actually my current working configuration has the allow localnet line above the foo acl line and these as the last acl and httpaccess lines http_access deny !foo At this point should I have an allow all line since the httpaccess line for foo is deny, or should the last line always be deny all? Smoke started comming out of my ears trying to understand some of the explanation for that... Thanks in advance for any and all help. BTW, I am stuck using 3.1.19 I think it is as my server is running ubuntu 12.04 for a bit still, i.e. I know some options have changed a bit since squid3.1. -- B.H. Registerd Linux User 521886
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users