[squid-users] maxconn acl with acl_uses_indirect_client

From: Oguz Yilmaz <oguzyilmazlist_at_gmail.com>
Date: Fri, 28 Jan 2011 14:52:09 +0200

To sum up, I think the maxconn acl directive does not rely on indirect
client addresses in case of "acl_uses_indirect_client=on".

follow_x_forwarded_for allow all
acl_uses_indirect_client on
client_db on
acl maxconn-per-client maxconn 2
acl client-192.168.0.1 src 192.168.0.1/32
http_access deny maxconn-per-client client-192.168.0.1

In such a configuration, when I debug squid through cache.log, it returns
true for 192.168.0.1 (that is, acl_uses_indirect_client works), but
never returns "acl maxconn-per-client maxconn 2" true even when it
should.

To attest, I added "client_ip_max_connections 2" just after the "client_db on" line.

In the log I see:

2011/01/28 14:44:41| WARNING: 127.0.0.1:35383 attempting more than 2 connections.
2011/01/28 14:44:41| httpAccept: FD 13: accept failure: (0) Success

To attest, I get mgr:info:
        Number of clients accessing cache: 1
(network is about 25 PCs)

This makes me think that client_db has the client information as
127.0.0.1, the previous proxy's IP, even if I enabled
acl_uses_indirect_client.

1- Is it true?
2- How can I see the client_db database?
3- How can I apply per "indirect client" connection limiting in squid?

Note:
This configuration works correctly for the indirect client IP address. So
I assume "acl_uses_indirect_client on" is working.
follow_x_forwarded_for allow all
acl_uses_indirect_client on
client_db on
acl oguz src 192.168.0.170/255.255.255.255
tcp_outgoing_address 172.16.1.1 oguz

Best Regards,

--
Oguz YILMAZ
Received on Fri Jan 28 2011 - 12:52:40 MST
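
Added example (not part of the original post, and not Squid project code): a small Python parser for the cache.log warning quoted above. It counts connection-limit warnings per direct peer address and marks peers that fall inside a list of known upstream proxies, which is how the 127.0.0.1 case in the post would show up. The function names, the upstream proxy list and every sample log line other than the two entries quoted in the post are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Timestamp prefix of a cache.log entry, as seen in the post.
TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\| ")
# The connection-limit warning quoted in the post.
WARN = re.compile(r"WARNING: (\S+):(\d+) attempting more than (\d+) connections\.")


def unwrap(text):
    """Join continuation lines (no timestamp prefix) onto the previous entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if TS.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries


def limit_hits(text, upstream_proxies):
    """Count limit warnings per direct peer; flag peers that are upstream proxies."""
    proxies = [ipaddress.ip_network(p) for p in upstream_proxies]
    hits = Counter()
    for entry in unwrap(text):
        m = WARN.search(entry)
        if m:
            hits[ipaddress.ip_address(m.group(1).strip("[]"))] += 1
    return {
        str(addr): {"hits": n, "is_upstream_proxy": any(addr in net for net in proxies)}
        for addr, n in hits.items()
    }


# Constructed sample: the first two entries are the ones quoted in the post
# (the warning wrapped as a mail client would wrap it); the rest are made up.
SAMPLE_LOG = """\
2011/01/28 14:44:41| WARNING: 127.0.0.1:35383 attempting more than 2
connections.
2011/01/28 14:44:41| httpAccept: FD 13: accept failure: (0) Success
2011/01/28 14:44:42| WARNING: 127.0.0.1:35384 attempting more than 2 connections.
2011/01/28 14:44:43| WARNING: 192.0.2.15:40211 attempting more than 2 connections.
"""

if __name__ == "__main__":
    for addr, info in limit_hits(SAMPLE_LOG, ["127.0.0.0/8"]).items():
        kind = "upstream proxy address" if info["is_upstream_proxy"] else "direct client"
        print(f"{addr}: {info['hits']} warning(s), {kind}")
```

A warning that names an upstream proxy address means the limit was counted against the proxy's own TCP connections to Squid, not against the forwarded client address.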
