[squid-users] [squid][v5.6] : problem with "slow" or "fast" acl
David Touzeau
david at articatech.com
Tue Sep 6 15:45:08 UTC 2022
Hi Eric.
We had the same restrictions with the fast or slow ACLs.
Have you thought about creating a squid helper that calculates your needs?
So maybe you can get around this by using the acl "note" acl note xxx
xxx which turns your helper results (slow) into "fast".
Le 05/09/2022 à 14:56, PERROT Eric DNUM SDCAST BST SSAIM a écrit :
> Hello,
>
> We use directives "reply_body_max_size", "request_body_max_size" and
> "delay_access" to limit upload, download and passband in our infra.
>
> This configuration existes since a while, but we have noticed that
> with squid v4.16, our delay pool didn't react as we wanted anymore. We
> were excpeting improvment upgrading squid to v5.6. But it got worth :
> - restriction still didn't work
> - and squid had a segmentation fault each time some acl where used
>
> Thanks to Alex Rousskov (bug 5231), after some investigation, it
> appears that we used "slow" acl (proxy_auth an time acl) where only
> "fast" acl where authorized...). The bug is still open as squid has
> not flagged the problem in cache logs,
>
> My email, is to show you our configuration and the behaviour we
> espect, and the behaviour we finally have.
> 1 - squd v4.12 : we expect to limit downlod/upload and passband during
> working time for all login except those starting with cg_*
> "
> |###### Gestion de bande passante ##########
> acl bureau time 09:00-12:00
> acl bureau time 14:00-17:00
> # Comptes generiques
> |||acl my_ldap_auth proxy_auth REQUIRED
> |acl cgen proxy_auth_regex cg_
> reply_body_max_size 800 MB *bureau !cgen*
> request_body_max_size 5 MB
> # La limite de bande passante ne fonctionne plus avec le BUMP
> # A tester ...
> delay_pools 1
> # Pendant time sauf cgen, emeraude
> delay_class 1 4
> delay_access 1 allow**||*||my_ldap_auth !cgen||***!emeraude
> delay_access 1 deny all
> # 512000 = 5120 kbits/user 640 ko
> # 307200 = 3072 kbits/user 384 ko
> delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200
> ##################################################|
> "
> => with this configuration, the delay pool seemed not to work anymore,
> so we upgraded squid to v5.6. Which caused the squid segmentation
> fault...
>
> 2 - squid v5.6 : to solve the segmentation fault, we had to take off
> my_ldap_auth/cgen (proxy_auth acl) and bureau (time acl). The
> limitation work again, but we are no more able to limit restriction
> during working time, or for spécific login...
> "
> |###### Gestion de bande passante ##########
> acl bureau time 09:00-12:00
> acl bureau time 14:00-17:00
> # Comptes generiques
> acl userrgt src 10.0.0.0/8
> |||acl my_ldap_auth proxy_auth REQUIRED
> |acl cgen proxy_auth_regex cg_
> reply_body_max_size 800 MB *userrgt*
> request_body_max_size 5 MB
> # La limite de bande passante ne fonctionne plus avec le BUMP
> # A tester ...
> delay_pools 1
> # Pendant time sauf cgen, emeraude
> delay_class 1 4
> delay_access 1 allow||*||||***!emeraude
> delay_access 1 deny all
> # 512000 = 5120 kbits/user 640 ko
> # 307200 = 3072 kbits/user 384 ko
> delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200
> ##################################################|
> "
>
> Can you tell me if what we want to do is still possible? Limiting
> upload/download/passband for all logged user except those starting by
> cg_*..?.
>
> Thank you for the time reading, and thank you for your answers.
>
> Regards,
>
> Eric Perrot
>
>
>
>
> Pour une administration exemplaire, préservons l'environnement.
> N'imprimons que si nécessaire.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220906/0c569514/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature-perroter.png
Type: image/png
Size: 10699 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220906/0c569514/attachment-0001.png>
More information about the squid-users
mailing list