Re: [squid-users] 答复: [squid-users] How to set different maxconn number of proxy_auth user from default maxconn?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 05 Mar 2012 22:11:25 +1300

On 5/03/2012 8:33 p.m., Jiang Wen Dong wrote:
> This is not what I want.
> I want proxy_auth user maxconn=100, others maxconn=50.

Yes. That is what the config I wrote does.

# if user has connections >= 100, deny even if logged in
# else if user is logged in, allow (up to 100)
# else if connections >= 50, deny more than 50 connections

(extra lines are for good security, allowing random person on The
Internet 50 connections is not good)
# else other local clients, allow
# else deny

Amos

> -----邮件原件-----
> 发件人: Amos Jeffries
>
> On 05.03.2012 14:16, Jiang Wen Dong wrote:
>> My English is not good, hope you can understand what I'm saying.
>>
>> I want to set default maxconn=50, and maxconn=100 for proxy_auth user.
>>
>> If I set default maxconn before proxy_auth, then proxy_auth user get
>> maxconn=50, not maxconn=100.
>>
>> If I set default maxconn after proxy_auth, every user get a auth
>> dialog window, which I do not want it show for !proxy_auth user.
>>
>> How to set different maxconn number of proxy_auth user from default
>> maxconn?
>>
> You are thinking about this backwards. Place the widest "everybody"
> limitations first. Then the highest privileged allow permissions. Then repeat as you gradually restrict things.
>
> Like this:
>
> acl login proxy_auth REQUIRED
> acl 100cc maxconn 100
> acl 50cc maxconn 50
>
> # nobody allowed more than 100 connections
> http_access deny 100cc
>
> # login users the only ones allowed more than 50
> http_access allow login
> http_access deny 50cc
>
> # then other LAN clients...
> http_access allow localnet
>
> # everything not permitted yet is not trusted for any access.
> http_access deny all
>
> Amos
>
Received on Mon Mar 05 2012 - 09:11:31 MST

This archive was generated by hypermail 2.2.0 : Mon Mar 05 2012 - 12:00:02 MST