[squid-users] limit new req/sec on squid to X per sec

Alex Rousskov rousskov at measurement-factory.com
Wed Nov 27 20:42:14 UTC 2019 

On 11/27/19 12:31 AM, --Ahmad-- wrote:

> im looking for limiting TCP req/sec on squid to X speed .


There are many terminology problems on this thread, but just for the
record, you can use Squid external ACLs to limit:

1. the rate of incoming HTTP requests
2. the rate of outgoing HTTP requests
3. the acceptance rate of incoming HTTP/TCP connections
4. the establishment rate of outgoing HTTP/TCP connections

In all these cases, Squid would have to act (i.e. block or delay) the
requests or connections exceeding the configured rate _after_ parsing
the offending request[1,2,3 and may be 4] or even response[4]. This
delayed reaction may be enough for your use case of protecting a service
behind Squid, but it is a deadly limitation in many contexts (e.g., DoS
mitigation).

Until support for connection IDs is added to Squid (there is a project
for that), your external ACL would have to rely on TCP/IP addresses to
identify new HTTP/TCP connections (if needed).


Whether Squid is the right tool for the job depends on many factors. One
of the primary factors is whether you need HTTP-level information to
make some of the rate limiting decisions. Another factor is whether you
want to send a user an error response when they exceed the configured
rate. My guess is that cases 1 and 2 are best supported using Squid
while cases 3 and especially 4 may be best implemented using
TCP/IP-level tools such as iptables.


HTH,

Alex.

> say i have an instance running .
> 
> 
> i want to limit it to 100 req/sec for “new connections “ not  just for concurrent connections .
> 
> so if connection is old or “ established “ its out of the game .
> if the connection is new , all new should be limited to 100 req/sec .
> 
> i made search on all max_conn but it seems count “concurrent sessions “ even old +  new .
> 
> is there a way in squid to limit only new sessions ?
> 
> 
> Thanks 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list