[squid-users] How to apply a low delay_pool to users that become OVERCUOTE, over certains domains and sites.
Francisco
frizquierdo87 at gmail.com
Tue Aug 1 03:37:30 UTC 2023
I have an external ACL that check if users are OVERCUOTE (exceed assigned
cuote in MB), on this case those users can't browser certains domains and
sites specified in certain acl (domains_cuote, parcials_domains_cuote,
sites_cuote). The problem is that Squid doesn't interrupt stablished
connections for example youtube video play and OVERCUOTE user continue
video reproduction until the video it is not finished (I'm not referring
to the case of the buffer that the video player managed to load before the
user became OVERCUOTE), although the rest of web browsing is limited
correctly, and his account is marked as exceeded (OVERCUOTE).
I need a delay_pool to OVERCUOTE users for reduce to minimun (for example
1Kbit/s) the download rate over specifcs domains and sites until the user
cuote will be restablished,
For this scenario i have an internet link with only 2Mbps (very poor).
I need help with possible delay pools config that help me. I don't
understand very well delays_pool
The idea is that the delay_pool limits web browsing on the domains and
sites specified by the acl for users exceeding the assigned quota.
## Auth config
auth_param basic program /usr/lib/squid/basic_db_auth --dsn
"DBI:mysql:database=squidmgr" --user dbuser --password dbpassword --table
"proxy_user" --usercol "squid_user_identifier" --passwdcol "passwd" --cond
"enabled = 1" --md5 --persist
auth_param basic children 15 startup=10 idle=1
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 30 minute
auth_param basic casesensitive on
authenticate_ip_ttl 30 minute
acl AUTHENTICATED proxy_auth REQUIRED
##ACL check if user is cuote exceeded. An external script count users
consumption every xx seconds and update database, it work successfull.
external_acl_type CHECKOVERCUOTE concurrency=100 ttl=3 children-max=50
children-startup=15 children-idle=5 %LOGIN
/usr/lib/squid/ext_sql_session_acl --dsn "DBI:mysql:database=squidmgr"
--user dbuser --password dbpassword --table "proxy_user" --uidcol
"squid_user_identifier" --usercol "squid_user_identifier" --cond "overcuote
= 1"
acl OVERCUOTE external CHECKOVERCUOTE
## Resources to take in user cuote
acl domains_cuote dstdomain "/etc/squid/resources/domains_cuote.db"
acl parcials_domains_cuote dstdomain
"/etc/squid/resources/parcials_domains_cuote.db"
acl sites_cuote url_regex -i "/etc/squid/resources/sites_cuote.db"
## RULES
http_access allow !domains_cuote !OVERCUOTE
http_access allow !parcials_domains_cuote !OVERCUOTE
http_access allow !sites_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !domains_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !parcials_domains_cuote !OVERCUOTE
http_access allow CONNECT SSL_ports !sites_cuote !OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports
domains_cuote OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports
parcials_domains_cuote OVERCUOTE
deny_info https://proxy.lan/proxyerrors?type=OVERCUOTE CONNECT SSL_ports
sites_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE domains_cuote
OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE
parcials_domains_cuote OVERCUOTE
deny_info http://proxy.lan/proxyerrors?type=OVERCUOTE sites_cuote OVERCUOTE
http_access allow AUTHENTICATED
http_access deny all
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230731/a8d527a4/attachment.htm>
More information about the squid-users
mailing list