[squid-users] Best way to utilize time constraints with squid?

Amos Jeffries squid3 at treenet.co.nz
Thu May 2 05:35:49 UTC 2024 

Hi Jonathan,

There may be some misunderstanding of what I wrote earlier..

  "time" is just a check of the machine clock. When ACLs are checked it 
is always expected to work.


The problem I was referring to was that ssl_bump and https_access ACLs 
are *not* checked for already active connections. Only for new 
connections as they are setup.

For example; CONNECT tunnel and/or HTTPS connections might start on 
Monday and stay open and used until Friday.


HTH
Amos



On 30/04/24 04:54, Jonathan Lee wrote:
> Squid -k parse also does not fail with use of the time ACL
> Sent from my iPhone
> 
>> On Apr 27, 2024, at 07:49, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>
>> The time constraints for termination do appear to lock out all new connections until that timeframe has elapsed. My devices have connection errors during this duration.
>>
>> Just to confirm ssl_bump can not be used with time ? Because my connections don’t work during the timeframe so that is a plus.
>>
>>
>> Sent from my iPhone
>>
>>>> On Apr 27, 2024, at 00:41, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>>>
>>>> On 26/04/24 17:15, Jonathan Lee wrote:
>>>> aclblock_hourstime01:30-05:00ssl_bumpterminateallblock_hourshttp_accessdenyallblock_hours
>>>> In this a good way to time lock squid with times lock down?
>>>
>>> That depends on your criteria/definition of "good".
>>>
>>> Be aware that http_access only checks *new* transactions. Large downloads, and long-running transactions such as CONNECT tunnel which start during an allowed time will continue running across the disallowed time(s).
>>>
>>>
>>>> To essentially terminate all connections and block http access.
>>>
>>> The "terminate all connections" is not enforced by 'time` ACL. Once a transaction is allowed to start, it can continue until completion - be that milliseconds or days later.
>>>
>>>
>>> HTH
>>> Amos
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> https://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list