On 07/10/11 22:35, Romain wrote:
> Hi,
>
> We'd like to limit our bandwith / file type with using ACL and delay
> pool. Our Squid (2.6e21) is configured as a reverse proxy, in front of
> a apache server (2.2.3)
>
> - We don't have any error starting Squid but the delay pool seams not working.
> - If you use acl with http_deny directive, there no problem and files
> are not allowed to be download.
> - We also tried to use delay_class 1 with ACL all and it's not working.
>
Problem #1: You said "reverse proxy"
Squid delay pools are designed for forward proxy. They work with a pool
resolution of /16 through to /32. Larger networks /8 or in
reverse-proxy case of /0 get lots of overlapping and people sharing
bandwidth counters.
You would be better using tcp_outgoing_tos and the ACL to send a
TOS/DiffServ marker for some OS rules to do rate-limiting with.
> Here you have the delay pool configuration:
>
> #ACL identifiant les fichiers hebdomadaires, mensuels et complets
> acl fichiers url_regex -i \^*ful25.m25$ \^*m25.m25$ \^*cur25.m25$
So....
acl fichiers url_regex -i (ful|m|cur)25.m25$
>
> #Declaration des pools de gestion de bande passante
> delay_pools 2
>
> #definition du pool concernant les fichiers volumineux.
> #Chaque poste d'un réseau dispose de 30Ko/s de bande passante,
> #un sous réseau de classe C dispose de 50 Ko/s
> #et la totalité des postes demandant ce type de fichiers disposent de 1Mo/s
> delay_class 1 3
> delay_access 1 allow fichiers
> delay_access 1 deny all
> delay_parameters 1 1048576/1048576 50200/50200 30720/50200
>
> #definition du pool pour les autres fichiers
> #Aucune limite n'est positionnée pour le moment
> delay_class 2 3
> delay_access 2 deny fichiers
> delay_access 2 allow all
> delay_parameters 2 -1/-1 -1/-1 -1/-1
This #2 pool is useless. "-1/-1" means no-limit.
BUT, not limiting the !fichiers group is what the delay_access lists for
pool #1 already said.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.12Received on Fri Oct 07 2011 - 10:13:30 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 07 2011 - 12:00:03 MDT