<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#464646" bgcolor="#FFFFFF">
<p>Hi Eric.</p>
<p>We had the same restrictions with the fast or slow ACLs. <br>
Have you thought about creating a squid helper that calculates
your needs? <br>
So maybe you can get around this by using the acl "note" acl note
xxx xxx which turns your helper results (slow) into "fast".<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Le 05/09/2022 à 14:56, PERROT Eric DNUM
SDCAST BST SSAIM a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:6315F1FD.5010501@interieur.gouv.fr">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
Hello,<br>
<br>
We use directives "reply_body_max_size", "request_body_max_size"
and "delay_access" to limit upload, download and passband in our
infra.<br>
<br>
This configuration existes since a while, but we have noticed that
with squid v4.16, our delay pool didn't react as we wanted
anymore. We were excpeting improvment upgrading squid to v5.6. But
it got worth :<br>
- restriction still didn't work<br>
- and squid had a segmentation fault each time some acl where used<br>
<br>
Thanks to Alex Rousskov (bug 5231), after some investigation, it
appears that we used "slow" acl (proxy_auth an time acl) where
only "fast" acl where authorized...). The bug is still open as
squid has not flagged the problem in cache logs, <br>
<br>
My email, is to show you our configuration and the behaviour we
espect, and the behaviour we finally have.<br>
1 - squd v4.12 : we expect to limit downlod/upload and passband
during working time for all login except those starting with cg_*<br>
"<br>
<code>###### Gestion de bande passante ##########<br>
acl bureau time 09:00-12:00<br>
acl bureau time 14:00-17:00<br>
# Comptes generiques<br>
</code><code><code>acl my_ldap_auth proxy_auth REQUIRED<br>
</code>acl cgen proxy_auth_regex cg_<br>
reply_body_max_size 800 MB <b>bureau !cgen</b><br>
request_body_max_size 5 MB <br>
# La limite de bande passante ne fonctionne plus avec le BUMP<br>
# A tester ...<br>
delay_pools 1<br>
# Pendant time sauf cgen, emeraude <br>
delay_class 1 4<br>
delay_access 1 allow<b> </b></code><code><b><code><code>my_ldap_auth
!cgen</code></code></b><b> </b>!emeraude<br>
delay_access 1 deny all<br>
# 512000 = 5120 kbits/user 640 ko<br>
# 307200 = 3072 kbits/user 384 ko<br>
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200<br>
##################################################</code><br>
"<br>
=> with this configuration, the delay pool seemed not to work
anymore, so we upgraded squid to v5.6. Which caused the squid
segmentation fault... <br>
<br>
2 - squid v5.6 : to solve the segmentation fault, we had to take
off my_ldap_auth/cgen (proxy_auth acl) and bureau (time acl). The
limitation work again, but we are no more able to limit
restriction during working time, or for spécific login...<br>
"<br>
<code>###### Gestion de bande passante ##########<br>
acl bureau time 09:00-12:00<br>
acl bureau time 14:00-17:00<br>
# Comptes generiques<br>
acl userrgt src 10.0.0.0/8<br>
</code><code><code>acl my_ldap_auth proxy_auth REQUIRED<br>
</code>acl cgen proxy_auth_regex cg_<br>
reply_body_max_size 800 MB <b>userrgt</b><br>
request_body_max_size 5 MB <br>
# La limite de bande passante ne fonctionne plus avec le BUMP<br>
# A tester ...<br>
delay_pools 1<br>
# Pendant time sauf cgen, emeraude <br>
delay_class 1 4<br>
delay_access 1 allow</code><code><b><code><code></code></code></b><b>
</b>!emeraude<br>
delay_access 1 deny all<br>
# 512000 = 5120 kbits/user 640 ko<br>
# 307200 = 3072 kbits/user 384 ko<br>
delay_parameters 1 -1/-1 -1/-1 -1/-1 107200/107200<br>
##################################################</code><br>
"<br>
<br>
Can you tell me if what we want to do is still possible? Limiting
upload/download/passband for all logged user except those starting
by cg_*..?.<br>
<br>
Thank you for the time reading, and thank you for your answers.<br>
<br>
Regards,<br>
<br>
Eric Perrot<br>
<div class="moz-signature"><br>
<img src="cid:part1.qAK0PfMq.9WwXI3uM@articatech.com" class=""
border="0"></div>
<br>
<br style="line-height: 0;">
<br>
<div style="border-top: 2px solid rgb(48, 145, 71); display:
inline-block; color: rgb(48, 145, 71); font-size: x-small;
padding: 5px; margin: 10px auto; font-family:
Arial,Garamond,Times New Roman,Times,serif;"
class="signature_ecolo_classname">
<div>Pour une administration exemplaire, préservons
l'environnement. </div>
<div>N'imprimons que si nécessaire. </div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<div class="moz-signature">-- <br>
<div style="background-color: #ffffff;border: 1px solid
#e7eaec;padding: 1px;margin-bottom: 20px;box-sizing:
border-box;font-family: 'open sans', 'Helvetica Neue',
Helvetica, Arial, sans-serif;font-size: 13px;color:
#676a6c;width:270px">
<div style="box-sizing: border-box;color: rgb(103, 106,
108);font-size: 13px;line-height: 18.5667px"> </div>
</div>
</div>
</body>
</html>