[squid-users] Limit large downloads to autenticated users

Service MV service.mv at gmail.com
Mon Jul 27 20:41:12 UTC 2020


Hi everybody!
I read in the squid mailing lists that delay_pools doesn't work in v4.x,
but in the documentation I don't see anything about it.
I would like to know if in my SQUID 4.11 configuration with Kerberos + LDAP
authentication I can setup a delay_pools to limit large downloads of any
authenticated user.

This is my test configuration that I try to do, but I cannot limit the
downloads.

squid.conf
visible_hostname debian-proxy.mydomain.local
http_port 3128 require-proxy-header
acl haproxy src 10.10.8.213
proxy_protocol_access allow haproxy
debug_options ALL, 1 33, 2 28, 9
maximum_object_size 8192 KB
error_directory /opt/squid411/share/errors/es-ar
shutdown_lifetime 0 seconds
forwarded_for transparent
auth_param negotiate program /usr/local/bin/squid_kerb_auth -i -r -s
GSS_C_NO_NAME
auth_param negotiate children 300 startup=150 idle=10
auth_param negotiate keep_alive on
auth_param basic program /opt/squid411/libexec/basic_ldap_auth -P -R -b
"dc=mydomain,dc=local" -D "cn=ldap,cn=Users,dc=mydomain,dc=local" -W
/opt/squid411/etc/ldappass.txt -f sAMAccountName=%s -h dc1.mydomain.local
auth_param basic children 30
auth_param basic realm Proxy Authentication
auth_param basic credentialsttl 4 hour
acl auth proxy_auth REQUIRED
delay_pools 1
delay_class 1 2
delay_parameters 1 64000/64000 64000/64000
#delay_parameters 1 1310720/1966080 917504/1310720
delay_access 1 allow auth
http_access allow auth
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny all


squid -v
Squid Cache: Version 4.11
Service Name: squid

This binary uses OpenSSL 1.0.2u  20 Dec 2019. For legal restrictions on
distribution see https://www.openssl.org/source/license.html

configure options:  '--prefix=/opt/squid411' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info'
'--localstatedir=/opt/squid411/var' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--disable-silent-rules' '--enable-inline'
'--enable-async-io' '--enable-storeio=ufs,aufs,diskd'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores' '--enable-icap-client'
'--enable-follow-x-forwarded-for' '--enable-auth'
'--enable-digest-auth-helpers' '--enable-negotiate-auth-helpers'
'--enable-auth-ntlm' '--enable-arp-acl' '--enable-esi--disable-translation'
'--with-logdir=/var/log/squid411' '--with-pidfile=/var/run/squid411.pid'
'--with-filedescriptors=65536' '--with-large-files'
'--with-default-user=proxy' '--enable-linux-netfilter'
'--enable-ltdl-convenience' '--with-openssl' '--enable-ssl'
'--enable-ssl-crtd'

Thanks in advance for any help!
Best regards,

Gabriel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200727/f76d88e8/attachment.htm>


More information about the squid-users mailing list