I have an external ACL that check if users are OVERCUOTE (exceed assigned cuote in MB), on this case those users can't browser certains domains and sites specified in certain acl (domains_cuote, parcials_domains_cuote, sites_cuote). The problem is that Squid doesn't interrupt stablished connections for example youtube video play and OVERCUOTE user continue video reproduction until the video it is not finished (I'm not referring to the case of the buffer that the video player managed to load before the user became OVERCUOTE), although the rest of web browsing is limited correctly, and his account is marked as exceeded (OVERCUOTE).
I need a delay_pool to OVERCUOTE users for reduce to minimun (for example 1Kbit/s) the download rate over specifcs domains and sites until the user cuote will be restablished,
For this scenario i have an internet link with only 2Mbps (very poor).
I need help with possible delay pools config that help me. I don't understand very well delays_pool
## Auth config
auth_param basic program /usr/lib/squid/basic_db_auth --dsn "DBI:mysql:database=squidmgr" --user dbuser --password dbpassword --table "proxy_user" --usercol "squid_user_identifier" --passwdcol "passwd" --cond "enabled = 1" --md5 --persist
auth_param basic children 15 startup=10 idle=1
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 30 minute
auth_param basic casesensitive on
authenticate_ip_ttl 30 minute
acl AUTHENTICATED proxy_auth REQUIRED
##ACL check if user is cuote exceeded. An external script count users consumption every xx seconds and update database, it work successfull.
external_acl_type CHECKOVERCUOTE concurrency=100 ttl=3 children-max=50 children-startup=15 children-idle=5 %LOGIN /usr/lib/squid/ext_sql_session_acl --dsn "DBI:mysql:database=squidmgr" --user dbuser --password dbpassword --table "proxy_user" --uidcol "squid_user_identifier" --usercol "squid_user_identifier" --cond "overcuote = 1"
acl OVERCUOTE external CHECKOVERCUOTE
## Resources to take in user cuote
acl domains_cuote dstdomain "/etc/squid/resources/domains_cuote.db"
acl parcials_domains_cuote dstdomain "/etc/squid/resources/parcials_domains_cuote.db"
acl sites_cuote url_regex -i "/etc/squid/resources/sites_cuote.db"
## RULES
http_access allow !domains_cuote !OVERCUOTE
http_access allow !parcials_domains_cuote !OVERCUOTE
http_access allow !sites_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !domains_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !parcials_domains_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !sites_cuote !OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports domains_cuote OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports parcials_domains_cuote OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports sites_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE domains_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE parcials_domains_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE sites_cuote OVERCUOTE
http_access allow AUTHENTICATED
http_access deny all
I need a delay_pool to OVERCUOTE users for reduce to minimun (for example 1Kbit/s) the download rate over specifcs domains and sites until the user cuote will be restablished,
For this scenario i have an internet link with only 2Mbps (very poor).
I need help with possible delay pools config that help me. I don't understand very well delays_pool
The idea is that the delay_pool limits web browsing on the domains and sites specified by the acl for users exceeding the assigned quota.
## Auth config
auth_param basic program /usr/lib/squid/basic_db_auth --dsn "DBI:mysql:database=squidmgr" --user dbuser --password dbpassword --table "proxy_user" --usercol "squid_user_identifier" --passwdcol "passwd" --cond "enabled = 1" --md5 --persist
auth_param basic children 15 startup=10 idle=1
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 30 minute
auth_param basic casesensitive on
authenticate_ip_ttl 30 minute
acl AUTHENTICATED proxy_auth REQUIRED
##ACL check if user is cuote exceeded. An external script count users consumption every xx seconds and update database, it work successfull.
external_acl_type CHECKOVERCUOTE concurrency=100 ttl=3 children-max=50 children-startup=15 children-idle=5 %LOGIN /usr/lib/squid/ext_sql_session_acl --dsn "DBI:mysql:database=squidmgr" --user dbuser --password dbpassword --table "proxy_user" --uidcol "squid_user_identifier" --usercol "squid_user_identifier" --cond "overcuote = 1"
acl OVERCUOTE external CHECKOVERCUOTE
## Resources to take in user cuote
acl domains_cuote dstdomain "/etc/squid/resources/domains_cuote.db"
acl parcials_domains_cuote dstdomain "/etc/squid/resources/parcials_domains_cuote.db"
acl sites_cuote url_regex -i "/etc/squid/resources/sites_cuote.db"
## RULES
http_access allow !domains_cuote !OVERCUOTE
http_access allow !parcials_domains_cuote !OVERCUOTE
http_access allow !sites_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !domains_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !parcials_domains_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !sites_cuote !OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports domains_cuote OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports parcials_domains_cuote OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports sites_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE domains_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE parcials_domains_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE sites_cuote OVERCUOTE
http_access allow AUTHENTICATED
http_access deny all
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
