|
Hello Elizer and David,
Sorry for the delay, I have been monopolized by another subject...
I am not sur to understand how note acl could help me. If the idear of "note acl" is similar to the one proposed by Amos (creating a group with annotate acl).
My requirement is to have special limitation for logged users, except for those with a login starting by cg_*.
I have been using proxy_auth acl to identify my users, but this acl is slow and is not recommended with limitation directive ("reply_body_max_size", "request_body_max_size" and "delay_access").
I am testing to create groups today and I'll come back to you
Thank you for your thinking,
Eric
Le 06/09/2022 20:10, ngtech1ltd@xxxxxxxxx a écrit :
Hey Eric and David,
I am thinking about the best place to put a note acl.
What is the actual requirement?
Do you want to limit a specific client or all of them?
I have not used delay pools for a very long time so I am not sure about what you want these to do.
Eliezer
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of David Touzeau
Sent: Tuesday, 6 September 2022 18:45
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [squid-users] [squid][v5.6] : problem with "slow" or "fast" acl
Hi Eric.
We had the same restrictions with the fast or slow ACLs.
Have you thought about creating a squid helper that calculates your needs?
So maybe you can get around this by using the acl "note" acl note xxx xxx which turns your helper results (slow) into "fast".
Le 05/09/2022 à 14:56, PERROT Eric DNUM SDCAST BST SSAIM a écrit :
Hello,
We use directives "reply_body_max_size", "request_body_max_size" and "delay_access" to limit upload, download and passband in our infra.
This configuration existes since a while, but we have noticed that with squid v4.16, our delay pool didn't react as we wanted anymore. We were excpeting improvment upgrading squid to v5.6. But it got worth :
- restriction still didn't work
- and squid had a segmentation fault each time some acl where used
Thanks to Alex Rousskov (bug 5231), after some investigation, it appears that we used "slow" acl (proxy_auth an time acl) where only "fast" acl where authorized...). The bug is still open as squid has not flagged the problem in cache logs,
My email, is to show you our configuration and the behaviour we espect, and the behaviour we finally have.
1 - squd v4.12 : we expect to limit downlod/upload and passband during working time for all login except those starting with cg_*
"
###### Gestion de bande passante ##########
acl bureau time 09:00-12:00
acl bureau time 14:00-17:00
# Comptes generiques
acl my_ldap_auth proxy_auth REQUIRED
acl cgen proxy_auth_regex cg_
reply_body_max_size 800 MB bureau !cgen
request_body_max_size 5 MB
# La limite de bande passante ne fonctionne plus avec le BUMP
# A tester ...
delay_pools 1
# Pendant time sauf cgen, emeraude
delay_class 1 4
delay_access 1 allow my_ldap_auth !cgen !emeraude
delay_access 1 deny all
# 512000 = 5120 kbits/user 640 ko
# 307200 = 3072 kbits/user 384 ko
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200
##################################################
"
=> with this configuration, the delay pool seemed not to work anymore, so we upgraded squid to v5.6. Which caused the squid segmentation fault...
2 - squid v5.6 : to solve the segmentation fault, we had to take off my_ldap_auth/cgen (proxy_auth acl) and bureau (time acl). The limitation work again, but we are no more able to limit restriction during working time, or for spécific login...
"
###### Gestion de bande passante ##########
acl bureau time 09:00-12:00
acl bureau time 14:00-17:00
# Comptes generiques
acl userrgt src 10.0.0.0/8
acl my_ldap_auth proxy_auth REQUIRED
acl cgen proxy_auth_regex cg_
reply_body_max_size 800 MB userrgt
request_body_max_size 5 MB
# La limite de bande passante ne fonctionne plus avec le BUMP
# A tester ...
delay_pools 1
# Pendant time sauf cgen, emeraude
delay_class 1 4
delay_access 1 allow!emeraude
delay_access 1 deny all
# 512000 = 5120 kbits/user 640 ko
# 307200 = 3072 kbits/user 384 ko
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200
##################################################
"
Can you tell me if what we want to do is still possible? Limiting upload/download/passband for all logged user except those starting by cg_*..?.
Thank you for the time reading, and thank you for your answers.
Regards,
Eric Perrot
Pour une administration exemplaire, préservons l'environnement.
N'imprimons que si nécessaire.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
|
