[squid-users] Limit large downloads to authenticated users
Amos Jeffries
squid3 at treenet.co.nz
Tue Jul 28 13:21:23 UTC 2020
On 28/07/20 8:41 am, Service MV wrote:
> Hi everybody!
> I read in the squid mailing lists that delay_pools doesn't work in v4.x,
> but in the documentation I don't see anything about it.
* Delay pools is a fairly major feature.
* "Don't work" is a very vague claim.
* Mailing list threads are typically started by people who don't know
how to use a feature properly and are having trouble because of that
misunderstanding.
* 4.x is an entire series of releases with many bug fixes across the
(ongoing) year(s) long lifecycle.
Draw your own conclusion about the accuracy of such a statement on the
mailing list.
> I would like to know if in my SQUID 4.11 configuration with Kerberos +
> LDAP authentication I can setup a delay_pools to limit large downloads
> of any authenticated user.
>
Yes. That should be entirely possible.
> This is my test configuration that I try to do, but I cannot limit the
> downloads.
>
> squid.conf
...
> acl auth proxy_auth REQUIRED
> delay_pools 1
> delay_class 1 2
> delay_parameters 1 64000/64000 64000/64000
> delay_access 1 allow auth
The first problem is here. proxy_auth ACL is a "slow" type and
delay_access only supports "fast" types.

Squid-4 provides a transaction annotations feature that can bridge this
gap. It is a fast type ACL that checks for annotations set by helper
lookups etc.

  acl hasUsername note user
  delay_access 1 allow hasUsername
  delay_access 1 deny all

> http_access allow auth
This should be down just above the "http_access deny all"
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access deny all
>
>
Amos
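
Added example (not part of the original message and not Squid's own parser): a small Python check for the two points raised in the reply, a slow or undefined ACL on a delay_access line and an authenticated "http_access allow" placed ahead of the deny rules. The function name, the sample strings (rebuilt from the quoted configuration) and the contents of SLOW_TYPES beyond proxy_auth are assumptions of this example.

```python
# Slow ACL types; the reply names proxy_auth, the other two are added here (not exhaustive).
SLOW_TYPES = {"proxy_auth", "proxy_auth_regex", "external"}

def lint_squid_conf(text):
    """Return (line_number, message) findings for the points made in the reply."""
    acl_types = {"all": "src"}      # "all" is predefined by Squid
    http_rules, findings = [], []   # http_rules: (line, action, [acl names])
    for num, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acl_types.setdefault(tok[1], tok[2])
        elif len(tok) >= 4 and tok[0] == "delay_access":
            for name in (t.lstrip("!") for t in tok[3:]):
                if name not in acl_types:
                    findings.append((num, f"delay_access uses undefined ACL '{name}'"))
                elif acl_types[name] in SLOW_TYPES:
                    findings.append((num, f"delay_access uses slow ACL '{name}' ({acl_types[name]})"))
        elif len(tok) >= 3 and tok[0] == "http_access":
            http_rules.append((num, tok[1], [t.lstrip("!") for t in tok[2:]]))
    # http_access is first-match: an early "allow <auth ACL>" skips every later deny rule.
    for i, (num, action, names) in enumerate(http_rules):
        if action == "allow" and any(acl_types.get(n) in SLOW_TYPES for n in names):
            skipped = [ln for ln, act, acls in http_rules[i + 1:]
                       if act == "deny" and acls != ["all"]]
            if skipped:
                findings.append((num, f"http_access allow precedes deny rules on lines {skipped}"))
    return findings

# Constructed samples: the quoted configuration, then the same file with the reply's changes.
PORT_RULES = """acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""
POOL = "delay_pools 1\ndelay_class 1 2\ndelay_parameters 1 64000/64000 64000/64000\n"
ORIGINAL = ("acl auth proxy_auth REQUIRED\n" + POOL + "delay_access 1 allow auth\n"
            "http_access allow auth\n" + PORT_RULES + "http_access deny all\n")
REVISED = ("acl auth proxy_auth REQUIRED\nacl hasUsername note user\n" + POOL
           + "delay_access 1 allow hasUsername\ndelay_access 1 deny all\n"
           + PORT_RULES + "http_access allow auth\nhttp_access deny all\n")

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, lint_squid_conf(conf))
```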