2018-03-20 10:25 GMT-04:00, Amos Jeffries <squid3@xxxxxxxxxxxxx>:
> On 19/03/18 23:03, Anoop Sreedharan wrote:
>> Dear Team,
>> We have an IT environment catering to educational institute wherein we
>> have approx more than 1000 users accessing the internet.
>>
>> having a volume based internet subscription, we are in need to have a
>> solution wherein I need to restrict users to a certain volume of quota
>> per month and upon crossing that threshold, need to either stop their
>> access or throttle their bandwidth speed.
>>
>> following is the scenario. having an internet link of 50Mbps in my campus
>>
>> 1. users have to be authenticated via Active Directory -- i.e. users in
>> a certain AD group should only get access to internet
>> 2. should be able to define a volume threshold ( e.g 100GB per group/per
>> user)
>> 3. upon exhaustion of the volume the user bandwidth should be throttled
>> to, say, 256Kbps. OR block internet access to that user completely.
>> 4. this volume calculation should be done for both HTTP and HTTPS based
>> session.
>> 5. should be able to generate a monthly report showcasing the volume
>> consumed by specific user during a specific time-frame by showing the
>> spread of the volume distributed within websites visited/downloaded from.
>>
>> Kindly help to suggest this could be possible with Squid.
>> I am open to using some log analytics mechanism like sarg or anything
>> similar for reporting.
>
> Quota is not a concept easily applied to HTTP messaging since it is a
> stateless protocol and operates in terms of entire messages - not
> packets or bytes. As such there is intentionally no mechanism to
> maintain statefulness between transactions for quota controls to use in
> Squid.
>
> There is also a rather lot of traffic details outside of HTTP and unknown
> to Squid which greatly affect the relationship between what Squid sees
> as bandwidth and what actually occurs "on wire". That all makes the OS
> networking stack a much better place to do such management.
>
> Most OS these days provide very capable tools for QoS bandwidth
> management. Squid provides configuration features to integrate with
> those, delivering packet TOS markings per-transaction or per-message for
> the machine's OS systems to utilize in their QoS flow identification and
> accounting.
>
> Log analysis (eg SARG) and helpers are other possibilities that worked
> in the past ...
>
> BUT these methods have always suffered from the problem of only
> accounting for traffic usage at the end of a completed HTTP transaction
> and authorizing users only at the beginning. The difference can see
> large amounts of over-usage and CONNECT tunnels are the worst-case
> scenario there as they may last for days/weeks with "infinite" amount of
> traffic usage meanwhile.
>
> Added to those problems we now face most traffic being HTTPS ... which
> goes through proxies via CONNECT tunnels. So much for those ways of
> doing quotas.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
>

You can use Squish, a project to count the Squid quota navigation by
reading the log file. Here is the URL: www.mcgill.org.za/software/squish/

YnievesDotNet
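The log-based accounting discussed in this thread, and the late-accounting problem Amos describes for CONNECT tunnels, as an added example (not code from the thread, from Squid or from Squish). It assumes Squid's native access.log layout with an authenticated username in the user field; the users, hosts, sizes and the 100 GB quota are constructed sample values.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed_ms client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1521500000.000 600000 10.0.0.5 TCP_MISS/200 4000000000 GET http://mirror.example.edu/big.iso alice HIER_DIRECT/203.0.113.10 application/octet-stream
1521500500.000 120000 10.0.0.5 TCP_TUNNEL/200 1000000000 CONNECT cdn.example.net:443 alice HIER_DIRECT/203.0.113.11 -
1521501000.000 90000 10.0.0.6 TCP_MISS/200 2000000000 GET http://files.example.org/set.tar bob HIER_DIRECT/203.0.113.12 application/x-tar
1521800000.000 259200000 10.0.0.6 TCP_TUNNEL/200 150000000000 CONNECT video.example.com:443 bob HIER_DIRECT/203.0.113.20 -
"""

def parse_line(line):
    """Return one accounting record, or None for malformed/unauthenticated lines."""
    f = line.split()
    if len(f) < 10 or f[7] == "-":
        return None
    method, url = f[5], f[6]
    # CONNECT lines carry host:port; only the host is visible for HTTPS.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else (urlsplit(url).hostname or url)
    return {"end": float(f[0]), "elapsed_s": int(f[1]) / 1000,
            "bytes": int(f[4]), "user": f[7], "host": host}

def account(log_text, quota_bytes):
    """Per-user totals, per-site spread, and the first quota overrun per user."""
    totals = defaultdict(int)
    spread = defaultdict(lambda: defaultdict(int))
    overruns = {}
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    for r in sorted(records, key=lambda r: r["end"]):
        totals[r["user"]] += r["bytes"]
        spread[r["user"]][r["host"]] += r["bytes"]
        if totals[r["user"]] > quota_bytes and r["user"] not in overruns:
            # The log line appears only when the transaction ends, so the
            # whole transfer was already delivered before it could be counted.
            overruns[r["user"]] = {"detected_at": r["end"],
                                   "overshoot": totals[r["user"]] - quota_bytes,
                                   "blind_seconds": r["elapsed_s"]}
    return totals, spread, overruns

if __name__ == "__main__":
    totals, spread, overruns = account(SAMPLE_LOG, 100 * 10**9)  # 100 GB quota
    for user, total in totals.items():
        print(user, total, dict(spread[user]), overruns.get(user))
```

In the sample, bob's three-day tunnel is counted only when it closes, so the overrun is detected after the quota has already been exceeded by more than half.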