Re: [squid-users] limiting connections

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Tue, 27 Mar 2012 05:42:16 +0200

On 26/03/2012 23:13, Carlos Manuel Trepeu Pupo wrote:

>>> #!/bin/bash
>>> result=`squidclient -h 192.168.19.19 mgr:active_requests | grep -c "$1"`
>>> if [ $result -eq 0 ]
>>> then
>>> echo 'OK'
>>> else
>>> echo 'ERR'
>>> fi
the code should be something like that:

#!/bin/bash
while read line; do
        result=`squidclient -h 192.168.19.19 mgr:active_requests | grep -c "$line"`
        if [ $result -eq 0 ]
        then
        echo 'OK'
        else
        echo 'ERR'
        fi
done

but as i was looking at the mgr:active_requests in noticed that squid
responses very slow and it can take a while to get answer from it sometimes.

Regards,
Eliezer

>>>
>>> # If I have the same URI then I denied. I make a few test and it work
>>> for me. The problem is when I add the rule to the squid. I make this:
>>>
>>> acl extensions url_regex "/etc/squid3/extensions"
>>> external_acl_type one_conn %URI /home/carlos/script
>>> acl limit external one_conn
>>>
>>> # where extensions have:
>>>
>>> \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|mpg|wma|ogg|wmv|asx|asf|deb|rpm|exe|zip|tar|tgz|rar|ppt|doc|tiff|pdf)$
>>>
>>> http_access deny extensions limit
>>>
>>>
>>> So when I make squid3 -k reconfigure the squid stop working
>>>
>>> What can be happening ???
>>
>>
>> * The helper needs to be running in a constant loop.
>> You can find an example
>> http://bazaar.launchpad.net/~squid/squid/3.2/view/head:/helpers/url_rewrite/fake/url_fake_rewrite.sh
>> although that is re-writer and you do need to keep the OK/ERR for external
>> ACL.
>
> Sorry, this is my first helper, I do not understand the meaning of
> running in a constant loop, in the example I see something like I do.
> Making some test I found that without this line :
> result=`squidclient -h 192.168.19.19 mgr:active_requests | grep -c "$1"`
> the helper not crash, dont work event too, but do not crash, so i
> consider this is in some way the problem.
>
>>
>> * "eq 0" - there should always be 1 request matching the URL. Which is the
>> request you are testing to see if its>1 or not. You are wanting to deny for
>> the case where there are *2* requests in existence.
>
> This is true, but the way I saw was: "If the URL do not exist, so
> can't be duplicate", I think isn't wrong !!
>
>>
>> * ensure you have manager requests form localhost not going through the ACL
>> test.
>
> I was making this wrong, the localhost was going through the ACL, but
> I just changed !!! The problem persist, What can I do ???
>
>>
>>
>> Amos
>>

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Tue Mar 27 2012 - 03:42:31 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 27 2012 - 12:00:03 MDT