Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
That could work, I would just need to know at some point, if this event was triggered. Been playing with %st , %>qos , & % wrote: > On 17/05/2016 6:37 a.m., J Green wrote: > > Re logging, does this eventually get logged by Squid, somewhere? > > > > I assume by "this" you mean the TOS values? > > There are the %>qos and % > Amos > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Sorry, I was looking for logging of traffic management events, where maximum download/upload size has been violated. Thank you. On Mon, May 16, 2016 at 12:39 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 05/16/2016 12:37 PM, J Green wrote: > > Re logging, does this eventually get logged by Squid, somewhere? > > All transactions accessing Squid must be logged in access.log. If a > transaction is not logged, it is a Squid bug. > > Please note that Squid logs transactions when they complete, not when > they start. Thus, tunneled transactions should be logged when the tunnel > is closed, which may take a very long time in some cases. > > Alex. > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Re logging, does this eventually get logged by Squid, somewhere? For this implementation, I was going to use pfSense. Turns out that Sarg is no longer included in the package list for pfSense (current version). On Tue, May 10, 2016 at 2:43 PM, J Green wrote: > Very interesting, thank you both. > > On Tue, May 10, 2016 at 2:23 PM, Yuri Voinov wrote: > >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> >> >> 11.05.16 2:57, Eliezer Croitoru пишет: >> > >> > Hey, >> > >> > >> > >> > You can always use a TOS from squid to mark connections and\or users >> and to somehow create some policy case on that. >> >> Sure, Eliezer. I've forgot about TOS. Good point. >> > >> > I have used more then once the Linux "tc" to "jail" a user which was >> abusing his unbound bandwidth policy. >> > >> > I do not like the idea but I have asked couple networking experts about >> the most used approach compared to the most efficient and it's seems pretty >> reasonable from the business aspect of networking to slow(not hog) a user. >> > Specifically there are places which defines the Internet as a WEB only >> ie port 80 and 443 and for HTTP only traffic. >> > >> > For these purposes squid is great while there are other approaches to >> the subject. >> > >> > >> > >> > Eliezer >> > >> > >> > >> > >> > >> > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> >> <http://ngtech.co.il/lmgtfy/> >> > Linux System Administrator >> > Mobile: +972-5-28704261 >> > Email: elie...@ngtech.co.il >> > >> > >> > >> > *From:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org >> ] *On Behalf Of *J Green >> > *Sent:* Tuesday, May 10, 2016 8:42 PM >> > *To:* Yuri Voinov >> > *Cc:* squid-users@lists.squid-cache.org >> > *Subject:* Re: [squid-users] Can Traffic Management Settings be >> configured for other TCP protocols? >> > >> > >> > >> > That is fair, re intended use. But yes, management want to know if >> users are attempting to circumvent policy. Re analyzing logs, I did not >> see this logged anywhere. Is there perhaps a debug mode which I need to >> enable? >> > >> > Thank you. >> > >> > >> > >> > On Tue, May 10, 2016 at 10:29 AM, Yuri Voinov > <mailto:yvoi...@gmail.com> > wrote: >> > >> > >> > First, upload is PUT method usage. Most common HTTP/HTTPS is GET/HEAD >> methods. >> > >> > Second, logging of all things is not my goal. >> > >> > For me, it is sufficient that the restrictions imposed by me in >> accordance with the policy. The amount of downloads for my count analyzers >> logs, if management is interesting to read the reports independently. >> > >> > 10.05.16 23:25, J Green пишет: >> > > So back to the intended use cases for HTTP, HTTPS, & FTP , how can >> you log violations of maximum download/upload size? I see an error message >> generated on the client system, but not w/in Squid. Thank you. >> > >> > > On Mon, May 9, 2016 at 10:12 AM, Yuri Voinov > <mailto:yvoi...@gmail.com> <mailto:yvoi...@gmail.com> >> <mailto:yvoi...@gmail.com> > >> wrote: >> > >> > >> > > Squid is not a proxy server every imaginable the TCP-usage protocol. >> > >> > > AFAIK HTTP/HTTPS/FTP. That's all, folks. >> > >> > >> > > 09.05.16 23:07, J Green пишет: >> > > > Hello all: >> > >> > >> > >> > > > Can Traffic Management Settings be configured for TCP >> > > protocols other than HTTP? >> > >> > >> > >> > > > Would like to limit maximum upload and download sizes for >> > > other TCP protocols: SMB, NFS, FTP, and RDP. >> > >> > >> > >> > > > Is this possible? If so, how? >> > >> > >> > >> > > > Thank you. >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > ___ >> > >> > > > squid-users mailing list >> > >> > > > squid-users@lists.squid-cache
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Very interesting, thank you both. On Tue, May 10, 2016 at 2:23 PM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > > 11.05.16 2:57, Eliezer Croitoru пишет: > > > > Hey, > > > > > > > > You can always use a TOS from squid to mark connections and\or users and > to somehow create some policy case on that. > > Sure, Eliezer. I've forgot about TOS. Good point. > > > > I have used more then once the Linux "tc" to "jail" a user which was > abusing his unbound bandwidth policy. > > > > I do not like the idea but I have asked couple networking experts about > the most used approach compared to the most efficient and it's seems pretty > reasonable from the business aspect of networking to slow(not hog) a user. > > Specifically there are places which defines the Internet as a WEB only > ie port 80 and 443 and for HTTP only traffic. > > > > For these purposes squid is great while there are other approaches to > the subject. > > > > > > > > Eliezer > > > > > > > > > > > > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> > <http://ngtech.co.il/lmgtfy/> > > Linux System Administrator > > Mobile: +972-5-28704261 > > Email: elie...@ngtech.co.il > > > > > > > > *From:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org > ] *On Behalf Of *J Green > > *Sent:* Tuesday, May 10, 2016 8:42 PM > > *To:* Yuri Voinov > > *Cc:* squid-users@lists.squid-cache.org > > *Subject:* Re: [squid-users] Can Traffic Management Settings be > configured for other TCP protocols? > > > > > > > > That is fair, re intended use. But yes, management want to know if > users are attempting to circumvent policy. Re analyzing logs, I did not > see this logged anywhere. Is there perhaps a debug mode which I need to > enable? > > > > Thank you. > > > > > > > > On Tue, May 10, 2016 at 10:29 AM, Yuri Voinov <mailto:yvoi...@gmail.com> > wrote: > > > > > > First, upload is PUT method usage. Most common HTTP/HTTPS is GET/HEAD > methods. > > > > Second, logging of all things is not my goal. > > > > For me, it is sufficient that the restrictions imposed by me in > accordance with the policy. The amount of downloads for my count analyzers > logs, if management is interesting to read the reports independently. > > > > 10.05.16 23:25, J Green пишет: > > > So back to the intended use cases for HTTP, HTTPS, & FTP , how can you > log violations of maximum download/upload size? I see an error message > generated on the client system, but not w/in Squid. Thank you. > > > > > On Mon, May 9, 2016 at 10:12 AM, Yuri Voinov <mailto:yvoi...@gmail.com> <mailto:yvoi...@gmail.com> > <mailto:yvoi...@gmail.com> > wrote: > > > > > > > Squid is not a proxy server every imaginable the TCP-usage protocol. > > > > > AFAIK HTTP/HTTPS/FTP. That's all, folks. > > > > > > > 09.05.16 23:07, J Green пишет: > > > > Hello all: > > > > > > > > > > Can Traffic Management Settings be configured for TCP > > > protocols other than HTTP? > > > > > > > > > > Would like to limit maximum upload and download sizes for > > > other TCP protocols: SMB, NFS, FTP, and RDP. > > > > > > > > > > Is this possible? If so, how? > > > > > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > ___ > > > > > > squid-users mailing list > > > > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > <mailto:squid-users@lists.squid-cache.org> > > <mailto:squid-users@lists.squid-cache.org> > > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > ___ > > > squid-users mailing list > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > <mailto:squid-users@lists.squid-cache.org> > > <mailto:squid-users@lists.squid-cache.org> > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMlFEAAoJENNXIZxhPexGO6AH/RsDrJKihobs93E9OLhT7uuB > 6KjX5eSfcNzYmTX1QsTn4SDf2l3HaItZ5jPuSFGSBMTuGo0RaHc0Y+YIcRO8CuOG > PQDBPXff2Vg16o06Ty78XLUAfWUr1q4uu6G5Vp8F2cLWSjk7thuFu9XoYe5Q2z1V > yN99aV/Kol+Om//eSPOf3hre3ONYRFn2lR+GJET9QNfogiRakpFOzeeGp3fXQgzA > S6n2MfhyhYRO3lDtjGcrWDoR5Tz8OdKlReuwHqtkuQi/OA95O9CpfwnEnORGLVN6 > G4H0pG7MrXBbl5zRhspkr9BNvtunkFsSnUlcUhBtKj1RhsC7H9g7lvkE8QKphIU= > =kDA0 > -END PGP SIGNATURE- > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Fair criticisms, yes. But an interesting problem, no? And I think I am close to getting something somewhat functional, using various pieces of hardware and software. Is it a slick solution? Not at all. But it just might work more or less. Small could be 10MB. Large is larger. On Tue, May 10, 2016 at 1:03 PM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > I think change is posing the problem. "Big" and "small", it seems to me, > is too vague a criterion. Plus direct solution assumes continious control > of each connection at all and accounting at all. What, in my opinion, a bit > crazy. > > 11.05.16 1:59, J Green пишет: > > From what I understand, it is traffic policing, as opposed to traffic > shaping. > > > > The goal is to block transfer of large files over various TCP protocols, > while allowing small files. > > > > Thank you all, for your input. > > > > > > > > On Tue, May 10, 2016 at 12:55 PM, Yuri Voinov <mailto:yvoi...@gmail.com> > wrote: > > > > > > And, incidentally, smoke manuals - Cisco either enables traffic shaping > or limit the speed on ports, protocols, networks, clients and so on. :) As > you wish. :) > > > > Its possibilities are limited only version of the software platform, and > your ability to smoke manuals. :) > > > > 11.05.16 1:49, Yuri Voinov пишет: > > > > > > > > > You can not pull the owl on the globe. ) > > > > > > > > > By the way, I'm not sure what he was trying to achieve this > > :) > > > > > > > > > > > > > 11.05.16 1:45, Adam W. Dace пишет: > > > > > > Back in the day, I used > > > > > "traffic shaping" on the Cisco router to achieve that > > sort of > > > > > thing. It actually changes the traffic to fit your > > Internet link, > > > > > versus limiting per-connection speed. > > > > > > > > > > > > > > > > > > Still, this is off-topic. Anyways, consult your > > CIOS > > > > > documentation and good luck! :) > > > > > > > > > > > > > > > > > > Regards, > > > > > > > > > > > > > > > > > > Adam > > > > > > > > > > > > > > > > > > On Mon, May 9, 2016 at 12:07 PM J Green > > > > > mailto:corpengin...@gmail.com> > > > > > > <mailto:corpengin...@gmail.com> > <mailto:corpengin...@gmail.com> > wrote: > > > > > > > > > > > > > > > > > > Hello all: > > > > > > > > > > > > > > > > > > Can Traffic Management Settings be configured > > for TCP > > > > > protocols other than HTTP? > > > > > > > > > > > > > > > > > > Would like to limit maximum upload and > > download sizes for > > > > > other TCP protocols: SMB, NFS, FTP, and RDP. > > > > > > > > > > > > > > > > > > Is this possible? If so, how? > > > > > > > > > > > > > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > > > ___ > > > > > > > > > > squid-users mailing list > > > > > > > > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > > > > <mailto:squid-users@lists.squid-cache.org> > > <mailto:squid-users@lists.squid-cache.org> > > > > > > > > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ___ > > > > > > > > > > squid-users mailing list > > > > > > > > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > > > > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > > > > > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMj6CAAoJENNXIZxhPexG4P4H/iampGAgQXQik3ZgbDwgDn22 > CNB4/KFcrv1Sdjst6b3pzko/XRpvOhuYSbJ2tUOfasP7gF5bTqUTYl1jCWxd07kA > VXmSbY5ynM3hgHVZowiL/6wksxQyTiqNEA86ae77gDig0SWu8NbNHZ058iN/sCRn > 9F363nYdpj4LffHYXe16XLn/lGLF3yG0kpDZI+dSVy2QS57aOisc0lADTbKvzSOJ > RpfUfUI4EHcQoOVYlk91c6LckZGxy6N1lYEQbdCy+Y0OwM25crCaiaEuiaB8RTSi > kKcJk16L5UFGYQiKchyUq9r73D4+0hLlloOTCJ+HwNYQzbLFPn+rTrLo6tI47pg= > =Y3mu > -END PGP SIGNATURE- > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
>From what I understand, it is traffic policing, as opposed to traffic shaping. The goal is to block transfer of large files over various TCP protocols, while allowing small files. Thank you all, for your input. On Tue, May 10, 2016 at 12:55 PM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > And, incidentally, smoke manuals - Cisco either enables traffic shaping or > limit the speed on ports, protocols, networks, clients and so on. :) As you > wish. :) > > Its possibilities are limited only version of the software platform, and > your ability to smoke manuals. :) > > 11.05.16 1:49, Yuri Voinov пишет: > > > > > You can not pull the owl on the globe. ) > > > > By the way, I'm not sure what he was trying to achieve this :) > > > > > > 11.05.16 1:45, Adam W. Dace пишет: > > > Back in the day, I used > > "traffic shaping" on the Cisco router to achieve that sort of > > thing. It actually changes the traffic to fit your Internet link, > > versus limiting per-connection speed. > > > > > > > > > Still, this is off-topic. Anyways, consult your CIOS > > documentation and good luck! :) > > > > > > > > > Regards, > > > > > > > > > Adam > > > > > > > > > On Mon, May 9, 2016 at 12:07 PM J Green > >> <mailto:corpengin...@gmail.com> > wrote: > > > > > > > > > Hello all: > > > > > > > > > Can Traffic Management Settings be configured for TCP > > protocols other than HTTP? > > > > > > > > > Would like to limit maximum upload and download sizes for > > other TCP protocols: SMB, NFS, FTP, and RDP. > > > > > > > > > Is this possible? If so, how? > > > > > > > > > Thank you. > > > > > > > > > > > > > ___ > > > > > squid-users mailing list > > > > > squid-users@lists.squid-cache.org > > <mailto:squid-users@lists.squid-cache.org> > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > > > > > > > > > ___ > > > > > squid-users mailing list > > > > > squid-users@lists.squid-cache.org > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMjyyAAoJENNXIZxhPexGH+gH/A2Ma7A+LqIP34jWqLK2LUvY > GLtzDh8KZuHgucg6dXlsCUIP+odUcm1RFhyxDBQMto4J5i+1C3qWQ+AVhj2SaWn7 > RyS3NPAtOAcoN7aAFbghsHXPv9UZVa5AG5qqNkr6HDv9TlpcOWAQK2kzfDQL8TZs > SBtADRFWYwHpr3lK5bU50E5LYJ0+IePLEuHiltj+Q2hh26zRfixNmIWDr1awxIUP > izg4rHLg7Zl8i2M3dGW50jf0SGf2sPUm3ZK6W8HLusBv0tsNn1Z/4eVzl9F6n9XE > nvx5wVLNA4wurZDAuDn8Tca+QeBIbZ78RiAooT+1dxMTmOEY33+PZOykRI8y80U= > =y3cz > -END PGP SIGNATURE- > > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
That is fair, re intended use. But yes, management want to know if users are attempting to circumvent policy. Re analyzing logs, I did not see this logged anywhere. Is there perhaps a debug mode which I need to enable? Thank you. On Tue, May 10, 2016 at 10:29 AM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > First, upload is PUT method usage. Most common HTTP/HTTPS is GET/HEAD > methods. > > Second, logging of all things is not my goal. > > For me, it is sufficient that the restrictions imposed by me in accordance > with the policy. The amount of downloads for my count analyzers logs, if > management is interesting to read the reports independently. > > 10.05.16 23:25, J Green пишет: > > So back to the intended use cases for HTTP, HTTPS, & FTP , how can you > log violations of maximum download/upload size? I see an error message > generated on the client system, but not w/in Squid. Thank you. > > > > On Mon, May 9, 2016 at 10:12 AM, Yuri Voinov <mailto:yvoi...@gmail.com> > wrote: > > > > > > Squid is not a proxy server every imaginable the TCP-usage protocol. > > > > AFAIK HTTP/HTTPS/FTP. That's all, folks. > > > > > > 09.05.16 23:07, J Green пишет: > > > Hello all: > > > > > > > > > Can Traffic Management Settings be configured for TCP > > protocols other than HTTP? > > > > > > > > > Would like to limit maximum upload and download sizes for > > other TCP protocols: SMB, NFS, FTP, and RDP. > > > > > > > > > Is this possible? If so, how? > > > > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > ___ > > > > > squid-users mailing list > > > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMhpnAAoJENNXIZxhPexG3ZkH/RXEyeJFjGECUV7S6ebQg0SZ > 31A82FNRApaHOLZWPHYZ0u1tpyISYK2t+2ZpAI+lAuMocUtRIW6gKHIPiWP66SdZ > xLU5PeSvEbvlncoChajChD+3SDmrlADJD7WpMfw/4RqwDZqNznKX6jLRv3ApoCwu > JRl+6S2PQ2UARmUEEyeAJLIfZQLKI3EqyUphaVeTaO6una1RXQgavRePjU3zuVBX > 9Yw0c8cRxtTuo9GePjPsQVIn7QZTSp6EHJ9ExHiLFFi1USdf51qSpc5VKS5HpOkL > U8wdp59yDb9fa15rrqBSFhXCTwhe5qbyDuxdOq6tozHN5BTm3zMNICv1En1dUig= > =x2f0 > -END PGP SIGNATURE- > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
So back to the intended use cases for HTTP, HTTPS, & FTP , how can you log violations of maximum download/upload size? I see an error message generated on the client system, but not w/in Squid. Thank you. On Mon, May 9, 2016 at 10:12 AM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Squid is not a proxy server every imaginable the TCP-usage protocol. > > AFAIK HTTP/HTTPS/FTP. That's all, folks. > > > 09.05.16 23:07, J Green пишет: > > Hello all: > > > > Can Traffic Management Settings be configured for TCP protocols other > than HTTP? > > > > Would like to limit maximum upload and download sizes for other TCP > protocols: SMB, NFS, FTP, and RDP. > > > > Is this possible? If so, how? > > > > Thank you. > > > > > > > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMMUAAAoJENNXIZxhPexGOy8IAMs2DbmNAopj7jqL5Z9KEg6z > GpRL7y207VkSaz12Bhcdf2PsAy+xCnHzJ6SMeR4MNKeTrfImSQoyJbS4UuFHygcR > v+9618vUKfpcYaTUc09DTJUh49F0PwJX/lJQxNiDtb/AHEkX+WdDbuFL2S8+AzJm > ZhNA1FigXzuhGpwaxqhh2uB0zL5wec7IQuSO24POPvBf/hgvzSmBuH6u1SuBLvpp > RPObRULHTaWhyvMQgufHWm1H0ejpvCZgCqEEcXSW4MbqCatr8DBSmkP28EfweocD > 4mdpKTWu6HX9EX3ZZ96dKqsOjEBXlKU8BUqlK2irMQgM09IIXCjCRc5W00Qv8tA= > =v0m2 > -END PGP SIGNATURE- > > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
At the host level? Was hoping for something at the network level. On Mon, May 9, 2016 at 10:06 PM, Amos Jeffries wrote: > On 2016-05-10 06:05, J Green wrote: > >> Appreciate the response. Thought it might work if I added those ports >> to the safe list. >> > > The Safe_ports list is the ports it is considered safe to send traffic to > from an HTTP proxy. The ports not on that list are for protocols that can > have crafted messages that look like HTTP to the proxy and non-HTTP to the > server. Enabling server attacks through HTTP relays. Email SMTP ports are > particularly vulnerable to spam being delivered in this way. > > >> If not Squid, any idea how to accomplish this? >> >> > With your systems regular QoS settings. > > Amos > > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Sorry to derail off topic, though I appreciate the feedback. Trying to get this to work through a Cisco ASA. If not, I probably have an old 2900 series router somewhere. Thank you again. On Mon, May 9, 2016 at 2:33 PM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > I mean this, for example: > > haribda(config)#policy-map Net_Limit > haribda(config-pmap)#class alternate > haribda(config-pmap-c)#? > Policy-map class configuration commands: > admitAdmit the request for > bandwidthBandwidth > compression Activate Compression > drop Drop all packets > exit Exit from class action configuration mode > fair-queue Enable Flow-based Fair Queuing in this Class > flow Flow subcommands > log Log IPv4 and ARP packets > measure Measure > netflow-sampler NetFlow action > no Negate or set default values of a command > police Police > priority Strict Scheduling Priority for this Class > queue-limit Queue Max Threshold for Tail Drop > random-detectEnable Random Early Detection as drop policy > service-policy Configure QoS Service Policy > set Set QoS values > shapeTraffic Shaping > > haribda(config-pmap-c)#bandwidth ? > <1-200> Kilo Bits per second > percent % of total Bandwidth > remainingpercent/ratio of the remaining bandwidth > > This is 2901, ISR G-2. > > 10.05.16 3:15, J Green пишет: > > Here, re 'upload and download sizes', I meant the later 'dumb traffic > limits'. > > > > We do have a Cisco firewall in place, and I have setup 'traffic > policing'. However, the results are inconsistent. Sometimes it seems to > work, other times it blocks everything, or it blocks nothing. > > > > Appreciate all the feedback, thank you all for your time. > > > > On Mon, May 9, 2016 at 12:27 PM, Yuri Voinov <mailto:yvoi...@gmail.com> > wrote: > > > > > > For such task enough put Cisco router with TCP traffic policies . > > > > And please - any protocol, any speed limits, any ACL's, any SLA . > > > > > > 10.05.16 1:15, Alex Rousskov пишет: > > > On 05/09/2016 12:53 PM, Yuri Voinov wrote: > > > > >> Just to clarify. For proxying anything (protocol or service), the > proxy > > >> server must be at the same time also act as the client of a protocol > or > > >> service - and as a server. > > > > > > > It all depends on the definition of "upload and download sizes" in the > > > OP question. If the intent is to understand and restrict individual > > > protocol messages, then you are right. If the intent is just to limit > > > the aggregate number of TCP bytes transferred, then protocol > > > understanding (in a "transparent" setup) is not required. > > > > > Needless to say, Squid is unlikely to be the best solution for the > > > latter "dumb traffic limits" problem, but if an "all-in-one executable" > > > is a critical requirement, one can make modern Squids to limit tunneled > > > TCP traffic that it does not understand. > > > > > Alex. > > > > > > >> J Green: > > >>>> Would like to limit maximum upload and download sizes for > > >>>> other TCP protocols: SMB, NFS, FTP, and RDP. > > > ___ > > > squid-users mailing list > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMQIjAAoJENNXIZxhPexGC9YIAIXbLAOqQMTNmawXVrSpK2rP > zwW4RmwsmDOZzqFgldMlEJRkSH+H3UXiF6Zw994Ys3pYliB5o55qN3DYB2fGlu4H > Me3bq71PoZo+qes15l9ePpWq+0jK9B06fMGgWdBeSuVjRwC72hq0k2cPCpg9Hcd3 > KqytNCaM6kb7CFfxhm8g5w0lSHwQkoKM8XDbtVzrKjT0VbFcYRXR6SP5tzRwDW9D > ZHFQ8hX19RBof8JqWQo6UbhXZBZGtDjoOaGQ/EBMLjzl6guUdKt9Xi8pF+rkBgSk > S0Y2JZypIxAeMuj9STfRs54ZCId9NtZfA76o5M7PH0OrCfz1oXA+m0kzCQfEZtY= > =tSMD > -END PGP SIGNATURE- > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Here, re 'upload and download sizes', I meant the later 'dumb traffic limits'. We do have a Cisco firewall in place, and I have setup 'traffic policing'. However, the results are inconsistent. Sometimes it seems to work, other times it blocks everything, or it blocks nothing. Appreciate all the feedback, thank you all for your time. On Mon, May 9, 2016 at 12:27 PM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > For such task enough put Cisco router with TCP traffic policies . > > And please - any protocol, any speed limits, any ACL's, any SLA . > > > 10.05.16 1:15, Alex Rousskov пишет: > > On 05/09/2016 12:53 PM, Yuri Voinov wrote: > > > >> Just to clarify. For proxying anything (protocol or service), the proxy > >> server must be at the same time also act as the client of a protocol or > >> service - and as a server. > > > > > > It all depends on the definition of "upload and download sizes" in the > > OP question. If the intent is to understand and restrict individual > > protocol messages, then you are right. If the intent is just to limit > > the aggregate number of TCP bytes transferred, then protocol > > understanding (in a "transparent" setup) is not required. > > > > Needless to say, Squid is unlikely to be the best solution for the > > latter "dumb traffic limits" problem, but if an "all-in-one executable" > > is a critical requirement, one can make modern Squids to limit tunneled > > TCP traffic that it does not understand. > > > > Alex. > > > > > >> J Green: > >>>> Would like to limit maximum upload and download sizes for > >>>> other TCP protocols: SMB, NFS, FTP, and RDP. > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMOSiAAoJENNXIZxhPexGmOAIAJhNvgZRR5ehoj/UBiqPQJQa > rOxzPE52Z2iw7jlN+Iy3R9yW/noJyi7SQ91ll1p/rtEUbDhoObCPwClg/BIb45Ah > J8T2UrvqkebVLjKOkNVmH9BlZ0cioiLcsI/vATSg6cEIdD4ZxHIV99VigKWx4tk1 > NxGBKQats5fOTsrqrH4dPsRIyQgCgjAwF9IgAjU5Hxy4Xrbe8sFNxjOh6tabIB4q > WUaBhch6eaxZEKw8aR9G6fxYRrTlMUHhxhHT15O52CSt6kwl+HVTRdlt5acQRxvN > 0dTDxKOn1PUMix13WtbhpausAC54VJTCfUgmukB3TSWWXQYeA7/S/Bj2L0REgM8= > =LcoZ > -END PGP SIGNATURE- > > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Thank you. Yes, I am having a difficult time trying to find a solution for this. On Mon, May 9, 2016 at 11:18 AM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > As I know, even this solution can not: > > > https://www.bluecoat.com/products-and-solutions/on-premise-secure-web-gateway > > 10.05.16 0:05, J Green пишет: > > Appreciate the response. Thought it might work if I added those ports > to the safe list. > > > > If not Squid, any idea how to accomplish this? > > > > Thank you. > > > > On Mon, May 9, 2016 at 10:12 AM, Yuri Voinov <mailto:yvoi...@gmail.com> > wrote: > > > > > > Squid is not a proxy server every imaginable the TCP-usage protocol. > > > > AFAIK HTTP/HTTPS/FTP. That's all, folks. > > > > > > 09.05.16 23:07, J Green пишет: > > > Hello all: > > > > > > > > > Can Traffic Management Settings be configured for TCP > > protocols other than HTTP? > > > > > > > > > Would like to limit maximum upload and download sizes for > > other TCP protocols: SMB, NFS, FTP, and RDP. > > > > > > > > > Is this possible? If so, how? > > > > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > ___ > > > > > squid-users mailing list > > > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMNRnAAoJENNXIZxhPexGgg4H/2kd0y7hhypCWMlOnvzDUiOq > otgreU9Z1tnPi/U8b+qmL+woXT6oy2d25CRMBZa8N38le0OS1zkH9e/XiagAJefK > gv2IWdDlO1F/ibPzhTG4nGMMT4HzXgDYGCdJCLe33E5Q/1nRFCzAeabfHPQeeLwD > Xl/qbKA6b1gUusmH4PAdl/oANNW10RrPC2X39Ei2k7BQVPXRB/kU599sd13S2F44 > s2RlGIKb4N4eQMkIUM+cffZ8e9URnoad/m7HkKs5ZUrZOb4Ayt67kE5YVt98oyuJ > +zGafGwOm+A06Hpa/LMbpb21WOajStq3h5hX9QZSROsiL0xsWOPT07pf6sTSfXY= > =4zKK > -END PGP SIGNATURE- > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Appreciate the response. Thought it might work if I added those ports to the safe list. If not Squid, any idea how to accomplish this? Thank you. On Mon, May 9, 2016 at 10:12 AM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Squid is not a proxy server every imaginable the TCP-usage protocol. > > AFAIK HTTP/HTTPS/FTP. That's all, folks. > > > 09.05.16 23:07, J Green пишет: > > Hello all: > > > > Can Traffic Management Settings be configured for TCP protocols other > than HTTP? > > > > Would like to limit maximum upload and download sizes for other TCP > protocols: SMB, NFS, FTP, and RDP. > > > > Is this possible? If so, how? > > > > Thank you. > > > > > > > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXMMUAAAoJENNXIZxhPexGOy8IAMs2DbmNAopj7jqL5Z9KEg6z > GpRL7y207VkSaz12Bhcdf2PsAy+xCnHzJ6SMeR4MNKeTrfImSQoyJbS4UuFHygcR > v+9618vUKfpcYaTUc09DTJUh49F0PwJX/lJQxNiDtb/AHEkX+WdDbuFL2S8+AzJm > ZhNA1FigXzuhGpwaxqhh2uB0zL5wec7IQuSO24POPvBf/hgvzSmBuH6u1SuBLvpp > RPObRULHTaWhyvMQgufHWm1H0ejpvCZgCqEEcXSW4MbqCatr8DBSmkP28EfweocD > 4mdpKTWu6HX9EX3ZZ96dKqsOjEBXlKU8BUqlK2irMQgM09IIXCjCRc5W00Qv8tA= > =v0m2 > -END PGP SIGNATURE- > > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?
Hello all: Can Traffic Management Settings be configured for TCP protocols other than HTTP? Would like to limit maximum upload and download sizes for other TCP protocols: SMB, NFS, FTP, and RDP. Is this possible? If so, how? Thank you. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
