kfliong wrote:
> Adam Aube wrote:
>>kfliong wrote:
>>> I tried to use delay_pools to control the speed of some users but
>>> somehow it doesn't work. Particularly delay_access 5. Those users in
>>> delay_access 5 need to be running at only 1k/s but somehow this speed
>>> limit is not imposed. Please help.
>>> Here is my squid.conf for delay_pool :
>>> #delay_acess 5 for very slow speed
>>> delay_access 5 allow slow_sites
>>> delay_access 5 allow slow_user2
>>> delay_access 5 deny all
>>> acl slow_sites dstdomain .friendster.com uw.netroasia.com
>>> .rottentomatoes.com
>>> acl slow_user2 srcdomain jackye marcus
>>Which ACL is having the problem - slow_sites or slow_user2?
>>In slow_user2, you are using the srcdomain ACL, but the parameters you
>>give it don't seem to be correct domain names (compare to the dstdomain
>>ACL).
>>Also, srcdomain requires a reverse lookup on the client's IP address. Is
>>the reverse DNS setup correctly for your client IP addresses?
>>What if you try using a src ACL (IP address) instead of srcdomain?
> Both the slow_sites and slow_user2 doesn't work.
Odd - slow_sites looks correct and should work. Can you give a specific
example of something that should work but isn't?
> If I use http_access to block slow_user2 it will work. So, I am sure that
> the srcdomain works.
> But when trying to limit the speed using delay_pools it doesn't seems to
> work.
According to the delay pools FAQ, "delay pool ACL processing is done using
'fast lookups', which means (among other things) it won't wait for a DNS
lookup if it would need one."
http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8
srcdomain requires a reverse DNS lookup of the client IP address, which is
why it isn't working in delay_access - Squid won't wait for the DNS lookup
to complete.
A workaround for this would be to use the slow_user2 acl somewhere in your
http_access section. http_access will wait for the DNS lookup, and it will
make the information available to delay_access.
Adam
Received on Tue Jan 04 2005 - 09:35:57 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST