On 11/27/19 12:31 AM, --Ahmad-- wrote: > im looking for limiting TCP req/sec on squid to X speed . There are many terminology problems on this thread, but just for the record, you can use Squid external ACLs to limit: 1. the rate of incoming HTTP requests 2. the rate of outgoing HTTP requests 3. the acceptance rate of incoming HTTP/TCP connections 4. the establishment rate of outgoing HTTP/TCP connections In all these cases, Squid would have to act (i.e. block or delay) the requests or connections exceeding the configured rate _after_ parsing the offending request[1,2,3 and may be 4] or even response[4]. This delayed reaction may be enough for your use case of protecting a service behind Squid, but it is a deadly limitation in many contexts (e.g., DoS mitigation). Until support for connection IDs is added to Squid (there is a project for that), your external ACL would have to rely on TCP/IP addresses to identify new HTTP/TCP connections (if needed). Whether Squid is the right tool for the job depends on many factors. One of the primary factors is whether you need HTTP-level information to make some of the rate limiting decisions. Another factor is whether you want to send a user an error response when they exceed the configured rate. My guess is that cases 1 and 2 are best supported using Squid while cases 3 and especially 4 may be best implemented using TCP/IP-level tools such as iptables. HTH, Alex. > say i have an instance running . > > > i want to limit it to 100 req/sec for “new connections “ not just for concurrent connections . > > so if connection is old or “ established “ its out of the game . > if the connection is new , all new should be limited to 100 req/sec . > > i made search on all max_conn but it seems count “concurrent sessions “ even old + new . > > is there a way in squid to limit only new sessions ? > > > Thanks > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
