Search squid archive

Re: delay_access url_regex acl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]





>> Hello,
>>
>> I am currently facing some troubles will using Squids
>> feature to manage bandwidth (delay_pools, delay_access, ...)
>>
>> I would like to apply a 50kbytes/s limitation to each
>> users and a global 3Mbytes/s limitation.
>> There is a authentication group (I am working with NTLM
>> authentication) for which I apply no limit.
>> Here is the conf :
>> acl InternetAdmin external InetGroup Internet_Admin
>>
>> delay_pools 1
>> delay_class 1 2
>> delay_parameters 1 3145728/3145728 51200/51200
>> delay_access 1 allow !InternetAdmin
>> delay_access 1 deny all
>>
>> This works fine.
>
>You sure? delay_access does not do external ACL lookups for the auth. There must be a matching http_access test to perform the lookups and cache them first.

Yes the http_access rule is the following :
http_access allow InternetAdmin

>
>> Now I want to allow all user to download at normal speed
>> on some sites.
>> acl whitelist.no_limit url_regex
>> "/etc/squid3/etc/whitelist.no_limit" # "/etc/squid3/etc/whitelist.no_limit contains list of sites with no BW limit
>>
>> delay_pools 1
>> delay_class 1 2
>> delay_parameters 1 3145728/3145728 51200/51200
>> delay_access 1 allow !whitelist.no_limit !InternetAdmin
>> delay_access 1 deny all
>
>This looks correct for delay_access. Is a bit non-intuitive though.
>
>Try this for easier reading later:
>  delay_access 1 deny whitelist.no_limit
>  delay_access 1 deny InternetAdmin
>  delay_access 1 allow all
>

I also tested this option (with the sale result) I even removed the InternetAdmin line (still the same result)

>>
>> However with such configuration all sites (even those in
>> whitelist.no_limit) are limited in bandwidth.
>
>I suspect some error in the regex patterns. Check for patterns that are short and could match anywhere. Post the whitelist here if you want any help with the check.
>

I don't think there is any possible missmatch with those regex
(I used "http://download.tuxfamily.org/notepadplus/5.9/npp.5.9.Installer.exe"; to test a non-whitelisted url)

cat /etc/squid3/etc/whitelist.no_limit
www.microsoft.com
cdimage.debian.org

>Alternatively if you added the whitelist to http_access as well it could have screwed with the http_access login lookup. Making login unavailable and always fail at the delay_access check.

Most of the url in the whitelist.no_limit are also whitelisted somewhere in a http_access.

>
>>
>> Thank in advance for your help,
>> Best Regards,
>> Marc.
>>
>> Debian Lenny: 2.6.26-2-686
>> Squid Cache: Version 3.0.STABLE8
>
>
>Amos
>-- Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.12
>  Beta testers wanted for 3.2.0.7 and 3.1.12.1




[Linux Audio Users]     [Photo]     [Yosemite News]     [Samba]     [Video Projectors]     [Video Devices]     [Big List of Linux Books]     [LCD TVs]     [Webcams]     [Linux USB]

  Powered by Linux