<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
We use directives "reply_body_max_size", "request_body_max_size" and
"delay_access" to limit upload, download and passband in our infra.<br>
<br>
This configuration existes since a while, but we have noticed that
with squid v4.16, our delay pool didn't react as we wanted anymore.
We were excpeting improvment upgrading squid to v5.6. But it got
worth :<br>
- restriction still didn't work<br>
- and squid had a segmentation fault each time some acl where used<br>
<br>
Thanks to Alex Rousskov (bug 5231), after some investigation, it
appears that we used "slow" acl (proxy_auth an time acl) where only
"fast" acl where authorized...). The bug is still open as squid has
not flagged the problem in cache logs, <br>
<br>
My email, is to show you our configuration and the behaviour we
espect, and the behaviour we finally have.<br>
1 - squd v4.12 : we expect to limit downlod/upload and passband
during working time for all login except those starting with cg_*<br>
"<br>
<code>###### Gestion de bande passante ##########<br>
acl bureau time 09:00-12:00<br>
acl bureau time 14:00-17:00<br>
# Comptes generiques<br>
</code><code><code>acl my_ldap_auth proxy_auth REQUIRED<br>
</code>acl cgen proxy_auth_regex cg_<br>
reply_body_max_size 800 MB <b>bureau !cgen</b><br>
request_body_max_size 5 MB <br>
# La limite de bande passante ne fonctionne plus avec le BUMP<br>
# A tester ...<br>
delay_pools 1<br>
# Pendant time sauf cgen, emeraude <br>
delay_class 1 4<br>
delay_access 1 allow<b> </b></code><code><b><code><code>my_ldap_auth
!cgen</code></code></b><b> </b>!emeraude<br>
delay_access 1 deny all<br>
# 512000 = 5120 kbits/user 640 ko<br>
# 307200 = 3072 kbits/user 384 ko<br>
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200<br>
##################################################</code><br>
"<br>
=> with this configuration, the delay pool seemed not to work
anymore, so we upgraded squid to v5.6. Which caused the squid
segmentation fault... <br>
<br>
2 - squid v5.6 : to solve the segmentation fault, we had to take off
my_ldap_auth/cgen (proxy_auth acl) and bureau (time acl). The
limitation work again, but we are no more able to limit restriction
during working time, or for spécific login...<br>
"<br>
<code>###### Gestion de bande passante ##########<br>
acl bureau time 09:00-12:00<br>
acl bureau time 14:00-17:00<br>
# Comptes generiques<br>
acl userrgt src 10.0.0.0/8<br>
</code><code><code>acl my_ldap_auth proxy_auth REQUIRED<br>
</code>acl cgen proxy_auth_regex cg_<br>
reply_body_max_size 800 MB <b>userrgt</b><br>
request_body_max_size 5 MB <br>
# La limite de bande passante ne fonctionne plus avec le BUMP<br>
# A tester ...<br>
delay_pools 1<br>
# Pendant time sauf cgen, emeraude <br>
delay_class 1 4<br>
delay_access 1 allow</code><code><b><code><code></code></code></b><b>
</b>!emeraude<br>
delay_access 1 deny all<br>
# 512000 = 5120 kbits/user 640 ko<br>
# 307200 = 3072 kbits/user 384 ko<br>
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200<br>
##################################################</code><br>
"<br>
<br>
Can you tell me if what we want to do is still possible? Limiting
upload/download/passband for all logged user except those starting
by cg_*..?.<br>
<br>
Thank you for the time reading, and thank you for your answers.<br>
<br>
Regards,<br>
<br>
Eric Perrot<br>
<div class="moz-signature"><br>
<img src="cid:part1.09050505.06030306@interieur.gouv.fr"
border="0"></div>
<br>
<br style="line-height: 0;"></br><div style="border-top: 2px solid
rgb(48, 145, 71); display: inline-block; color: rgb(48, 145, 71);
font-size: x-small; padding: 5px; margin: 10px auto; font-family:
Arial,Garamond,Times New Roman,Times,serif;"
class="signature_ecolo_classname"><div>Pour une administration
exemplaire, préservons l'environnement.
</div><div>N'imprimons que si nécessaire.
</div></div>
</body>
</html>