Search squid archive

acl maxconn and max_user_ip config help please

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I want to limit max simultanious connections for any user in group foo, and also limit how may different IPs they can have devices logged in from at any 
one time.

I've had squid3 working well with a very simple policy for years just allowing access from two different ip ranges, but now want to make my proxy server 
available to others. 
I have things working well with one group called foo listing some names, after using something very similar to the recommended minimum defaults. 

acl foo proxy_auth user1 dumbuser someoneelse

But when I add the lines below to try and set a limit for group fooI can not connect at all, get a connection denied error.
acl foo maxconn 15
acl foo max_user_ip -s 5
And these were the last httpaccess lines
http_access deny !foo
#http_access allow localnet
  
I am very new to anything other than some very basic configuration, so may be misunderstanding almost anything, so all help will be well received even if 
it just confirms something I thought.

Also if I want to make a more restrictive policy, i.e. fewer connections for folks not in group fooam I correct in thinking it would go before, the foo 
rule?
   I guess I'd either make another groupand give them access and change foo's access to allow insteal of deny, or is there a better way?
Sometimes I think I understand the basic rules about order and such pretty weell, but feel confused at the moment...lol
  
Actually my current working configuration has the allow localnet line above the foo acl line and 
 these as the last acl and httpaccess lines
http_access deny !foo
At this point should I have an allow all line since the httpaccess line for foo is deny, or should the last line always be deny all? Smoke started comming 
out of my ears trying to understand some of the explanation for that...
     
Thanks in advance for any and all help. 
BTW, I am stuck using 3.1.19 I think it is as my server is running ubuntu 12.04 for a bit still, i.e. I know some options have changed a bit since 
squid3.1.

-- 
     B.H.
   Registerd Linux User 521886

Attachment: signature.asc
Description: PGP signature

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux