[squid-users] Squid delay_access with external acl

Alex Rousskov rousskov at measurement-factory.com
Tue Feb 20 15:51:50 UTC 2024 

On 2024-02-20 03:14, Francesco Chemolli wrote:

> acl users ext_user foo bar gazonk
> http_access allow users all  # always allow

The above does not always allow. What you meant it probably this:

# This rule never matches. It is used for its side effect:
# The rule evaluates users ACL, caching evaluation result.
http_access allow users !all


> delay_access 3 allow users
> 
> should do the trick

... but sometimes will not. Wiki recommendation to "exploit caching" is 
an ugly outdated hack that should be avoided. The correct solution these 
days is to use annotate_transaction ACL to mark the transaction 
accordingly. Here is an untested sketch:

     acl fromUserThatShouldBeLimited ext_user ...
     acl markAsLimited annotate_transaction limited=yes
     acl markedAsLimited note limited yes

     # This rule never matches; used for its annotation side effect.
     http_access allow fromUserThatShouldBeLimited markAsLimited !all

     delay_access 3 allow markedAsLimited

HTH,

Alex.



> On Tue, Feb 20, 2024 at 2:15 PM Szilárd Horváth wrote:
> 
>     Good Day!
> 
>     I try to make limitation bandwidth for some user group. I have an
>     external acl which get the users from ldap database server. In the
>     old version of config we blocked the internet with http_access deny
>     GROUP, but now i try to allow the internet which has limited
>     bandwidth. I know that the delay_access work with only fast ACL and
>     external acl or proxy_auth acl are slow. I already tried some
>     opportunity but i couldn't solve.
> 
>     Maybe have you any solution for this? Or any idea how can limitation
>     the bandwidth for some user? I need use the username (e-mail address
>     format) because that use to login to the proxy.
> 
>     Version: Squid Cache: Version 5.6
> 
>     Thank you so much and i am waiting for your answer!
> 
>     Have a good day!
> 
>     Br,
>     Szilard Horvath
> 
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     <mailto:squid-users at lists.squid-cache.org>
>     https://lists.squid-cache.org/listinfo/squid-users
>     <https://lists.squid-cache.org/listinfo/squid-users>
> 
> 
> 
> -- 
>      Francesco
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list