I think: I have found client_db:
It verifies that client_db includes "client address" not "indirect
client address" even if "acl_uses_indirect_client=on":
mgr:client_list
HTTP/1.0 200 OK
Server: squid/3.1.9
Mime-Version: 1.0
Date: Fri, 28 Jan 2011 12:57:35 GMT
Content-Type: text/plain
Expires: Fri, 28 Jan 2011 12:57:35 GMT
Last-Modified: Fri, 28 Jan 2011 12:57:35 GMT
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: MISS from localhost.localdomain:3129
Via: 1.0 localhost.localdomain (squid/3.1.9)
Connection: close
Cache Clients:
Address: 127.0.0.1
Name: localhost.localdomain
Currently established connections: 36
ICP Requests 0
HTTP Requests 217
TCP_MISS 216 100%
TCP_DENIED 1 0%
TOTALS
ICP : 0 Queries, 0 Hits ( 0%)
HTTP: 217 Requests, 0 Hits ( 0%)
Squid is (squid/3.1.9)
Previous proxy is Dansguardian and users have proxy configuration
dansguardian port.
--
Oguz YILMAZ

On Fri, Jan 28, 2011 at 2:52 PM, Oguz Yilmaz <oguzyilmazlist_at_gmail.com> wrote:
> To sum up, I think maxconn acl directive does not rely on indirect
> client addresses in case of "acl_uses_indirect_client=on".
>
>
> follow_x_forwarded_for allow all
> acl_uses_indirect_client on
> client_db on
> acl maxconn-per-client maxconn 2
> acl client-192.168.0.1 src 192.168.0.1/32
> http_access deny maxconn-per-client client-192.168.0.1
>
>
> In such configuration When I debug squid through cache.log, it returns
> true for 192.168.0.1 (that is acl_uses_indirect_client works), but
> never returns "acl maxconn-per-client maxconn 2" true even when it
> should.
>
> To attest I added "client_ip_max_connections 2" just after "client_db on" line.
>
> In the log I see
>
> 2011/01/28 14:44:41| WARNING: 127.0.0.1:35383 attempting more than 2
> connections.
> 2011/01/28 14:44:41| httpAccept: FD 13: accept failure: (0) Success
>
> To attest I get mgr:info
> Number of clients accessing cache: 1
> (network is about 25 PCs)
>
> This makes me think, that client_db has client information as
> 127.0.0.1 previous proxy IP even if I enabled
> acl_uses_indirect_client.
>
> 1- Is it true?
> 2- How can I see client_db database
> 3- How can I apply per "indirect client" connection limiting in squid.
>
>
> Note:
> This configuration correctly works for indirect client ip address. So
> I assume "acl_uses_indirect_client on" is working.
> follow_x_forwarded_for allow all
> acl_uses_indirect_client on
> client_db on
> acl oguz src 192.168.0.170/255.255.255.255
> tcp_outgoing_address 172.16.1.1 oguz
>
> Best Regards,
>
> --
> Oguz YILMAZ
>
Received on Fri Jan 28 2011 - 12:57:53 MST