Re: [squid-users] delay_access url_regex acl from Amos Jeffries on 2011-05-27 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 27 May 2011 23:06:14 +1200

On 26/05/11 23:21, Marc Nil wrote:
> Hello,
>
> I am currently facing some troubles will using Squids
> feature to manage bandwidth (delay_pools, delay_access, ...)
>
> I would like to apply a 50kbytes/s limitation to each
> users and a global 3Mbytes/s limitation.
> There is a authentication group (I am working with NTLM
> authentication) for which I apply no limit.
> Here is the conf :
> acl InternetAdmin external InetGroup Internet_Admin
>
> delay_pools 1
> delay_class 1 2
> delay_parameters 1 3145728/3145728 51200/51200
> delay_access 1 allow !InternetAdmin
> delay_access 1 deny all
>
> This works fine.

You sure? delay_access does not do external ACL lookups for the auth.
There must be a matching http_access test to perform the lookups and
cache them first.

> Now I want to allow all user to download at normal speed
> on some sites.
> acl whitelist.no_limit url_regex
> "/etc/squid3/etc/whitelist.no_limit" #
> "/etc/squid3/etc/whitelist.no_limit contains list of sites with no BW
> limit
>
> delay_pools 1
> delay_class 1 2
> delay_parameters 1 3145728/3145728 51200/51200
> delay_access 1 allow !whitelist.no_limit !InternetAdmin
> delay_access 1 deny all

This looks correct for delay_access. Is a bit non-intuitive though.

Try this for easier reading later:
   delay_access 1 deny whitelist.no_limit
   delay_access 1 deny InternetAdmin
   delay_access 1 allow all

>
> However with such configuration all sites (even those in
> whitelist.no_limit) are limited in bandwidth.

I suspect some error in the regex patterns. Check for patterns that are
short and could match anywhere. Post the whitelist here if you want any
help with the check.

Alternatively if you added the whitelist to http_access as well it could
have screwed with the http_access login lookup. Making login unavailable
and always fail at the delay_access check.

>
> Thank in advance for your help,
> Best Regards,
> Marc.
>
> Debian Lenny: 2.6.26-2-686
> Squid Cache: Version 3.0.STABLE8

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1

Received on Fri May 27 2011 - 11:06:20 MDT

This archive was generated by hypermail 2.2.0 : Fri May 27 2011 - 12:00:03 MDT