[squid-users] Squid 3.5.5, delay pools and external helpers
Amos Jeffries
squid3 at treenet.co.nz
Tue Jun 30 10:10:54 UTC 2015
On 30/06/2015 9:30 p.m., masterx81 wrote:
> Hi...
> I'm trying to limit download bandwidth to some user groups based on AD using
> external helpers, using the following command:
> delay_pools 1
> delay_class 1 1
> delay_access 1 allow InternetLimitato InternetLibero InternetCentralino
> !CONNECT
> delay_parameters 1 500000/500000
>
> "InternetLimitato InternetLibero InternetCentralino" are some AD groups, and
> i want to add theyr traffic to the 1 delay pool, but with this configuration
> not work. Else, if i apply the delay pool to "all" all works as expected.
>
> It's like this by design?
Yes. delay_access is a "fast"/synchroniuous category control.
<http://wiki.squid-cache.org/SquidFaq/SquidAcl#Fast_and_Slow_ACLs>
The way to use group checks in the fast category access controls is with
helper annotations and the "note" type ACL.
NP: The Negotiate/Kerberos helper is the only one currently presenting
group=X annotations. Thats the *auth* helper, not the external ACL group
check. You may need to write a wrapper script around your chosen group
helper to add the kv-pair.
Amos
More information about the squid-users
mailing list