|
Hi Eric.
We had the same restrictions with the fast or slow ACLs.
Have you thought about creating a squid helper that calculates
your needs?
So maybe you can get around this by using the acl "note" acl note
xxx xxx which turns your helper results (slow) into "fast".
Le 05/09/2022 à 14:56, PERROT Eric DNUM
SDCAST BST SSAIM a écrit :
Hello,
We use directives "reply_body_max_size", "request_body_max_size"
and "delay_access" to limit upload, download and passband in our
infra.
This configuration existes since a while, but we have noticed that
with squid v4.16, our delay pool didn't react as we wanted
anymore. We were excpeting improvment upgrading squid to v5.6. But
it got worth :
- restriction still didn't work
- and squid had a segmentation fault each time some acl where used
Thanks to Alex Rousskov (bug 5231), after some investigation, it
appears that we used "slow" acl (proxy_auth an time acl) where
only "fast" acl where authorized...). The bug is still open as
squid has not flagged the problem in cache logs,
My email, is to show you our configuration and the behaviour we
espect, and the behaviour we finally have.
1 - squd v4.12 : we expect to limit downlod/upload and passband
during working time for all login except those starting with cg_*
"
###### Gestion de bande passante ##########
acl bureau time 09:00-12:00
acl bureau time 14:00-17:00
# Comptes generiques
acl my_ldap_auth proxy_auth REQUIRED
acl cgen proxy_auth_regex cg_
reply_body_max_size 800 MB bureau !cgen
request_body_max_size 5 MB
# La limite de bande passante ne fonctionne plus avec le BUMP
# A tester ...
delay_pools 1
# Pendant time sauf cgen, emeraude
delay_class 1 4
delay_access 1 allow my_ldap_auth
!cgen
delay_access 1 deny all
# 512000 = 5120 kbits/user 640 ko
# 307200 = 3072 kbits/user 384 ko
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200
##################################################
"
=> with this configuration, the delay pool seemed not to work
anymore, so we upgraded squid to v5.6. Which caused the squid
segmentation fault...
2 - squid v5.6 : to solve the segmentation fault, we had to take
off my_ldap_auth/cgen (proxy_auth acl) and bureau (time acl). The
limitation work again, but we are no more able to limit
restriction during working time, or for spécific login...
"
###### Gestion de bande passante ##########
acl bureau time 09:00-12:00
acl bureau time 14:00-17:00
# Comptes generiques
acl userrgt src 10.0.0.0/8
acl my_ldap_auth proxy_auth REQUIRED
acl cgen proxy_auth_regex cg_
reply_body_max_size 800 MB userrgt
request_body_max_size 5 MB
# La limite de bande passante ne fonctionne plus avec le BUMP
# A tester ...
delay_pools 1
# Pendant time sauf cgen, emeraude
delay_class 1 4
delay_access 1 allow
delay_access 1 deny all
# 512000 = 5120 kbits/user 640 ko
# 307200 = 3072 kbits/user 384 ko
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200
##################################################
"
Can you tell me if what we want to do is still possible? Limiting
upload/download/passband for all logged user except those starting
by cg_*..?.
Thank you for the time reading, and thank you for your answers.
Regards,
Eric Perrot
Pour une administration exemplaire, préservons
l'environnement.
N'imprimons que si nécessaire.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
|
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
