Re: [squid-users] ACLs - making up a multiple match requirement. (AND like) from Amos Jeffries on 2011-12-01 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 02 Dec 2011 15:47:09 +1300

On 2/12/2011 5:43 a.m., Greg Whynott wrote:
>
> looking for guidance on creating delay pools, something I've never
> done before and because its a production system, I'd like to minimize
> my down time or the amount of time i'd be here if I have to come in on
> the weekend to do it.
>

It looks like you need to read this FAQ tutorial on how ACLs and access
controls work in Squid before any of what I say below will make much sense:
http://wiki.squid-cache.org/SquidFaq

>
> the intent is to limit bandwidth to a list of external networks,
> either by IP or URL regex, to 1000kb/sec for the entire studio during
> work hours,, _except_ for a list/group of excluded hosts inside;
> which will have unrestricted access to the same external hosts.
>
> i'm attempting to limit youtube bandwidth during work hours for a
> particular inside network, whist the other inside networks have full
> bandwidth, with squid. At the same time, the 'limited' network has
> full bandwidth to other non youtube sites. it appears i'd need some
> soft of AND logic (if src IP is youtube and dest is LAN-A then..).
>
>
> I achieved this on the router using limiters/queues but its appears
> this won't work going forward, with the new 'exclusion' requirement
> management has asked me to implement. The source or destination
> always appears to be the squid server itself from the internet
> router's perspective. which is why i'm considering squid now.
>

Okay, one thing to be aware of before you start altering things is that
delay pools are assigned by Squid at the start of each request and until
that request is finished or Squid restarts the pool is not changed. This
means YT videos started in the slowdown period will stay slow even if
they run into the time when fast is allowed. Vice versa for the videos
started in fast period will stay at the fast sppeed when and after the
slow period begins.

Since you have setup the router already with policies and limiting you
may find this TOS marking to be the easier way forward. Instead of
replicating the limits and policies in Squid delay pools. All that
limiting is kept in the router and Squid only marks outgoing packets
with a TOS value depending on your criteria. For exclusions you want
http://www.squid-cache.org/Doc/config/tcp_outgoing_tos and some ACLs to
determine when and which TOS is applied to the particular requests
outgoing packets.

HTH
Amos
Received on Fri Dec 02 2011 - 02:47:17 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 02 2011 - 12:00:01 MST