Thank you, Amos, for the clarification.
After making time for me to test some more with fast ACLs I noticed that it still didn't work. So after some more research I found out that the problem is already reported as "Bug 4913 - Delay Pools don't work for Tunneled traffic" which is exactly the problem I was having. HTTP traffic is correctly limited in my tests.
For the time being I will see if I can limit it in another way until I can fix it.
Best regards
Gabriel
On Tue, Jul 28, 2020 at 10:26, Amos Jeffries (squid3@xxxxxxxxxxxxx) wrote:
On 28/07/20 8:41 am, Service MV wrote:
> Hi everybody!
> I read in the squid mailing lists that delay_pools doesn't work in v4.x,
> but in the documentation I don't see anything about it.
* Delay pools is a fairly major feature.
* "Don't work" is a very vague claim.
* Mailing list threads are typically started by people who don't know
how to use a feature properly and are having trouble because of that
misunderstanding.
* 4.x is an entire series of releases with many bug fixes across the
(ongoing) year(s) long lifecycle.
Draw your own conclusion about the accuracy of such a statement on the
mailing list.
> I would like to know if in my SQUID 4.11 configuration with Kerberos +
> LDAP authentication I can setup a delay_pools to limit large downloads
> of any authenticated user.
>
Yes. That should be entirely possible.
> This is my test configuration that I try to do, but I cannot limit the
> downloads.
>
> squid.conf
...
> acl auth proxy_auth REQUIRED
> delay_pools 1
> delay_class 1 2
> delay_parameters 1 64000/64000 64000/64000
> delay_access 1 allow auth
The first problem is here. proxy_auth ACL is a "slow" type and
delay_access only supports "fast" types.
Squid-4 provides a transaction annotations feature that can bridge this
gap. It is a fast type ACL that checks for annotations set by helper
lookups etc.
acl hasUsername note user
delay_access 1 allow hasUsername
delay_access 1 deny all
> http_access allow auth
This should be down just above the "http_access deny all"
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access deny all
>
>
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
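A small check for the point made in the reply above, that delay_access only supports "fast" ACL types, written here as an added example that is not part of the thread or of Squid itself. The function name, the sample configurations (constructed from the directives quoted in the thread) and the partial SLOW_ACL_TYPES list are assumptions.

```python
# Assumption: partial list of ACL types Squid documents as "slow" (may need a
# helper or other asynchronous lookup). proxy_auth is the one named in the thread.
SLOW_ACL_TYPES = {"proxy_auth", "proxy_auth_regex", "external", "ident"}
BUILTIN_ACLS = {"all"}  # predefined by Squid, no "acl" line needed


def lint_delay_access(conf_text):
    """Return (line_no, message) findings for delay_access rules that
    reference a slow-type ACL or an ACL that is never defined."""
    acl_types = {}  # ACL name -> type from its first "acl" line
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0] == "acl" and len(tokens) >= 3:
            acl_types.setdefault(tokens[1], tokens[2])
        elif tokens[0] == "delay_access" and len(tokens) >= 4:
            # Syntax: delay_access <pool> allow|deny [!]aclname ...
            for ref in tokens[3:]:
                name = ref.lstrip("!")
                if name in BUILTIN_ACLS:
                    continue
                if name not in acl_types:
                    findings.append((line_no, f"undefined ACL '{name}'"))
                elif acl_types[name] in SLOW_ACL_TYPES:
                    findings.append(
                        (line_no, f"slow ACL '{name}' ({acl_types[name]})"))
    return findings


POOL = ("delay_pools 1\n"
        "delay_class 1 2\n"
        "delay_parameters 1 64000/64000 64000/64000\n")
# Constructed samples built from the directives quoted in the thread.
AS_POSTED = "acl auth proxy_auth REQUIRED\n" + POOL + "delay_access 1 allow auth\n"
NOTE_BASED = ("acl hasUsername note user\n" + POOL +
              "delay_access 1 allow hasUsername\n"
              "delay_access 1 deny all\n")
# Constructed variant: the rule names an ACL that was never defined.
MISNAMED = NOTE_BASED.replace("allow hasUsername", "allow hasUser")

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("note-based", NOTE_BASED),
                        ("misnamed", MISNAMED)):
        print(label, lint_delay_access(conf))
```

A clean result only says the delay_access rules use defined, non-slow ACLs; it does not cover the tunneled-traffic limitation reported as Bug 4913.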