On 28/07/20 8:41 am, Service MV wrote: > Hi everybody! > I read in the squid mailing lists that delay_pools doesn't work in v4.x, > but in the documentation I don't see anything about it. * Delay pools is a fairly major feature. * "Dont work" is a very vague claim. * mailing list threads are typically started by people who don't know how to use a feature properly and having trouble because of that misunderstanding. * 4.x is an entire series of releases with many bug fixes across the (ongoing) year(s) long lifecycle. Draw your own conclusion about the accuracy of such statement on the mailing list. > I would like to know if in my SQUID 4.11 configuration with Kerberos + > LDAP authentication I can setup a delay_pools to limit large downloads > of any authenticated user. > Yes. That should be entirely possible. > This is my test configuration that I try to do, but I cannot limit the > downloads. > > squid.conf ... > acl auth proxy_auth REQUIRED > delay_pools 1 > delay_class 1 2 > delay_parameters 1 64000/64000 64000/64000 > delay_access 1 allow auth The first problem is here. proxy_auth ACL is a "slow" type and delay_access only supports "fast" types. Squid-4 provides transaction annotations feature that can bridge this gap. It is a fast type ACL that checks for annotations set by helper lookups etc. acl hasUsername note user delay_access 1 allow hasUser delay_access 1 deny all > http_access allow auth This should be down just above the "http_access deny all" > acl SSL_ports port 443 > acl Safe_ports port 80 > acl CONNECT method CONNECT > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > > http_access deny all > > Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
