Search squid archive

Re: Best way to utilize time constraints with squid?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jonathan,

There may be some misunderstanding of what I wrote earlier..

"time" is just a check of the machine clock. When ACLs are checked it is always expected to work.


The problem I was referring to was that ssl_bump and https_access ACLs are *not* checked for already active connections. Only for new connections as they are setup.

For example; CONNECT tunnel and/or HTTPS connections might start on Monday and stay open and used until Friday.


HTH
Amos



On 30/04/24 04:54, Jonathan Lee wrote:
Squid -k parse also does not fail with use of the time ACL
Sent from my iPhone

On Apr 27, 2024, at 07:49, Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:

The time constraints for termination do appear to lock out all new connections until that timeframe has elapsed. My devices have connection errors during this duration.

Just to confirm ssl_bump can not be used with time ? Because my connections don’t work during the timeframe so that is a plus.


Sent from my iPhone

On Apr 27, 2024, at 00:41, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

On 26/04/24 17:15, Jonathan Lee wrote:
aclblock_hourstime01:30-05:00ssl_bumpterminateallblock_hourshttp_accessdenyallblock_hours
In this a good way to time lock squid with times lock down?

That depends on your criteria/definition of "good".

Be aware that http_access only checks *new* transactions. Large downloads, and long-running transactions such as CONNECT tunnel which start during an allowed time will continue running across the disallowed time(s).


To essentially terminate all connections and block http access.

The "terminate all connections" is not enforced by 'time` ACL. Once a transaction is allowed to start, it can continue until completion - be that milliseconds or days later.


HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux