Re: [squid-users] Squid http1.1 vs http1.0 (probably again)
lör 2008-01-19 klockan 17:25 -0800 skrev Tory M Blue: How so, as you've read and provided further information re my gzip workaround (thanks), I'm wondering how 2.7 is going to help with this? I'm currently rolling out 2.6 stable 17 and interested in what 2.7 is going to provide and when.. BTW the 1.1 vs1.0 work around appears to fix my issue so I don't have to leave (I'm happy), I like squid, but I would rather things like this work without workarounds In 2.7 you can relatively safely configure it to use HTTP/1.1 whrn talking to the web server. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] mime-type based delay pools
Hi! I am a member of the Student Network Club at our institute. We are facing problems related to slow access speeds, even though the bandwidth is not so less (12 Mbps for students). We decided to set up our own proxy server (since getting authorization to access/modify the institute servers would take quite some time) to monitor utilization. As part of this exercise, we would also like to implement delay pool based bandwidth management. Since it is very likely that big downloads and youtube are eating up the bandwidth, will a mime type based delay pool work in this case? And how exactly do I set it up? For example, if i define two delay pools, one based on based on hostel IPs and the other on mime-types (question: would this be a class 1 delay pool?), and say give limit of 16 kBps / 4 MB for the downloads stream, how will this be enforced? Will this mean that _every_ download less than 4 MB goes un-delayed, and beyond that it fills up at 16 kBps? -- Best regards, Amitava Bhattacharyya PGP Class of 2008, Indian Institute of Management Bangalore J-310, Hostel Blocks, IIM Bangalore Bangalore, Karnataka 560076 INDIA +919986695721
[squid-users] mime-type based delay pools
Hi! I am a member of the Student Network Club at our institute. We are facing problems related to slow access speeds, even though the bandwidth is not so less (12 Mbps for students). We decided to set up our own proxy server (since getting authorization to access/modify the institute servers would take quite some time) to monitor utilization. As part of this exercise, we would also like to implement delay pool based bandwidth management. Since it is very likely that big downloads and youtube are eating up the bandwidth, will a mime type based delay pool work in this case? And how exactly do I set it up? For example, if i define two delay pools, one based on based on hostel IPs and the other on mime-types (question: would this be a class 1 delay pool?), and say give limit of 16 kBps / 4 MB for the downloads stream, how will this be enforced? Will this mean that _every_ download less than 4 MB goes un-delayed, and beyond that it fills up at 16 kBps? -- Best regards, Amitava Bhattacharyya PGP Class of 2008, Indian Institute of Management Bangalore J-310, Hostel Blocks, IIM Bangalore Bangalore, Karnataka 560076 INDIA +919986695721
Re: [squid-users] external_acl_type requests authentication
On Saturday 19 January 2008 22:15:45 Henrik Nordström wrote: lör 2008-01-19 klockan 14:59 + skrev ian j hart: PS. could you move patches to squid-dev or bugzilla please. Okay, will do. As I've stated previously I don't qualify to join that list. Given the time zone difference I was trying to avoid the additional grief of having each email moderated first. Don't underestimate yourself. Trust me, self confidence is not an issue ;) My problem is , and will continue to be, a lack of available time. The charter seems fairly clear cut to me. 1. Only subscribe if you want to take an active part in development. That's not me. I know most people would probably just ignore this, but I'm funny that way [1]. I can say that I have successfully lurked on many different lists depending on what needed fixing at the time. Bugs are attracted to me. I tickle them and then report them. Sometime I can find the code which causes the problem. Sometimes I can even provide a patch. Anyone who actaually look at the squid-code and try to make some sense of it is qualified for squid-dev. Just follow the procedure for getting subscribed, or start posting messges (only the first is moderated btw). Okay, I'll give it a go. Regards Henrik -- ian j hart [1] Shanachie 97024 track #3
Re: [squid-users] mime-type based delay pools
The first thing I'd do before looking at delay pools is to grab a few days of logfiles, pass them through calamaris or something similar and generate some traffic reports. If youtube is a big bandwidth hog then you may benefit from some of my work to make Squid cache youtube. Adrian On Sun, Jan 20, 2008, Amitava Bhattacharyya wrote: Hi! I am a member of the Student Network Club at our institute. We are facing problems related to slow access speeds, even though the bandwidth is not so less (12 Mbps for students). We decided to set up our own proxy server (since getting authorization to access/modify the institute servers would take quite some time) to monitor utilization. As part of this exercise, we would also like to implement delay pool based bandwidth management. Since it is very likely that big downloads and youtube are eating up the bandwidth, will a mime type based delay pool work in this case? And how exactly do I set it up? For example, if i define two delay pools, one based on based on hostel IPs and the other on mime-types (question: would this be a class 1 delay pool?), and say give limit of 16 kBps / 4 MB for the downloads stream, how will this be enforced? Will this mean that _every_ download less than 4 MB goes un-delayed, and beyond that it fills up at 16 kBps? -- Best regards, Amitava Bhattacharyya PGP Class of 2008, Indian Institute of Management Bangalore J-310, Hostel Blocks, IIM Bangalore Bangalore, Karnataka 560076 INDIA +919986695721 -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] squid trying access PF devices (freebsd)
At 00:50 19-01-2008, Amos Jeffries wrote: Alexandre Correa wrote: maresia# ls -l /dev/pf crw--- 1 root wheel0, 74 Jan 10 11:18 /dev/pf Looks like all you need to do is start squid properly as root user and let it do the permissions dropping properly itself. Even when permissions are dropped, Squid still needs to read /dev/pf. The above permissions will cause an error. When PF_TRANSPARENT is defined, the GID of /dev/pf has to be changed to be accessible by Squid. Currently, Squid 2.6.x opens /dev/pf in read/write mode. There was an OpenBSD patch to src/client_side.c to open /dev/pf in read-only mode . --- client_side.c.orig Mon Sep 3 06:13:36 2007 +++ client_side.c Sun Jan 20 09:14:37 2008 @@ -4441,7 +4441,7 @@ static int pffd = -1; static time_t last_reported = 0; if (pffd 0) { - pffd = open(/dev/pf, O_RDWR); + pffd = open(/dev/pf, O_RDONLY); if (pffd = 0) commSetCloseOnExec(pffd); } Regards, -sm
Re: [squid-users] external_acl_type requests authentication
On Saturday 19 January 2008 01:32:28 Amos Jeffries wrote: ian j hart wrote: On Friday 18 January 2008 20:10:07 ian j hart wrote: On Friday 18 January 2008 00:51:40 ian j hart wrote: The external_acl_type requests authentication since bug 1278 was fixed. I have something like this (cut down and edited). external_acl_type logger ttl=0 negative_ttl=0 children=1 %LOGIN ... acl password proxy_auth REQUIRED acl proxylist dstdomain .some.site acl logproxy external logger 8 http_access deny proxylist logproxy ###deny_info ERR_ACCESS_DENIED.proxy logproxy http_access allow password http_access deny all A hit on the proxylist causes authentication and the (bogus) error message only appears when the user selects cancel. Not intuitive. The bogus error message (you must authenticate) is easily fixed up with the deny_info line. Yes, I realise I could work around this with a dummy acl, but that's just nasty. In any case I'd rather add a feature than jump thru' hoops. Judging by the size of the patch to implement this is should be simple enough to fix up (famous last words). I had hoped I could just not set the flag, e.g. --- src/external_acl.c.orig Mon Jan 1 23:32:13 2007 +++ src/external_acl.c Thu Jan 17 21:17:31 2008 @@ -275,6 +275,8 @@ format-type = EXT_ACL_LOGIN; a-require_auth = 1; } + else if (strcmp(token, %NOAUTH) == 0) + format-type = EXT_ACL_LOGIN; #if USE_IDENT else if (strcmp(token, %IDENT) == 0) format-type = EXT_ACL_IDENT; Unfortunately this breaks an assert in authenticate.c near line 648. At which point I need help. authenticateUserRequestUsername(auth_user_request_t * auth_user_request) { assert(auth_user_request != NULL); NULL seems to be a valid return value, that's one option. Dangerous? Fixing the call would be another. It appears to be called from external_acl.c makeExternalAclKey switch (format-type) { case EXT_ACL_LOGIN: str = authenticateUserRequestUsername(request-auth_user_request); Check the flag and set str=NULL? Maybe there's a patch for this already? Or a wish list where I could post it. Or is it near enough that someone could help me out? Thanks This appears to work (tested for a whole 10 mins :) --- src/external_acl.c.orig Mon Jan 1 23:32:13 2007 +++ src/external_acl.c Fri Jan 18 19:29:15 2008 @@ -275,6 +275,8 @@ format-type = EXT_ACL_LOGIN; a-require_auth = 1; } + else if (strcmp(token, %NOAUTH) == 0) + format-type = EXT_ACL_LOGIN; #if USE_IDENT else if (strcmp(token, %IDENT) == 0) format-type = EXT_ACL_IDENT; @@ -627,7 +629,8 @@ const char *str = NULL; switch (format-type) { case EXT_ACL_LOGIN: - str = authenticateUserRequestUsername(request-auth_user_request); + if (externalAclRequiresAuth(acl_data)) + str = authenticateUserRequestUsername(request-auth_user_request); break; #if USE_IDENT case EXT_ACL_IDENT: No, that's not it. Username passed to external program is always -. Back to the drawing board. I suspect the problem you are facing with that '-' is that the login delay occurs during processing of the EXT_ACL_LOGIN state not the %LOGIN parsing. So a new state EXT_ACL_NOLOGIN will be needed to skip the credential remote-retrieval without skipping the local credential lookup. You are testing with a non-zero auth_ttl right? (that is TTL on the local auth details cache). PS. could you move patches to squid-dev or bugzilla please. Thanks Amos Further analysis reveals that I was completely on the wrong track. aclIsProxyAuth switches on the acl type not the external acl format type. This is much more difficult. I may be gone for some time :( In any case I'll move this over to squid-dev@ Thanks to everyone who replied. -- ian j hart
Re: [squid-users] Reverse Proxy Cache - implementing gzip
Content codings (like gzip) are absolutely usable with HTTP/1.0. See RFC2145. On 19/01/2008, at 4:40 AM, Tory M Blue wrote: On Jan 18, 2008 12:46 AM, Ash Damle [EMAIL PROTECTED] wrote: Hello. Any pointers how how to get Squid to do gzip compression and then e-tags when used as a reverse proxy cache. Thanks -Ash Has to do with version HTTP1.1 vs gzip. But since Squid passes http1.0 version to your origin servers, they are going to respond in kind and thus the origin is not going to gzip the content (if squid preserved the 1.0 vs 1.1 version, the origin server could do what it wanted. But believe that is the RFC compliance that squid seems to be hard pressed to conform with. How much would it cost to get Squid to preserve the http version so that our servers could provide gzip functionality? Tory -- Mark Nottingham [EMAIL PROTECTED]
[squid-users] storeDiskdSend OPEN: (35) Resource temporarily unavailable
Hi all, I'm running squid 2.6-stable17 on Freebsd 6.3. Machine is a 500MHz with 512MB RAM. ./configure --prefix=/usr/local/squid --enable- storeio=ufs,coss,diskd,null --enable-underscores --with-large-files -- enable-large-cache-files --enable-delay-pools --disable-ident-lookups --enable-snmp --enable-cache-digests --enable-underscores --enable- kill-parent-hack --enable-removal-policies --enable-async-io -- enable-kqueue --enable-follow-x-forwarded-for I just have squid displaying the following error message: 2008/01/20 18:24:15| storeDiskdSend OPEN: (35) Resource temporarily unavailable 2008/01/20 18:24:15| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable 2008/01/20 18:24:15| assertion failed: diskd/store_io_diskd.c:541: + +send_errors 100 jubilee# ipcs -a Message Queues: T ID KEY MODEOWNERGROUPCREATOR CGROUP CBYTES QNUM QBYTESLSPIDLRPID STIMERTIMECTIME q 524288 942080 --rwa-- nobody nobody nobody nobody 1280 40 2048 920 927 18:05:08 18:05:08 7:34:35 q 524289 942081 --rwa-- nobody nobody nobody nobody00 2048 927 920 18:05:08 18:05:08 7:34:35 Shared Memory: T ID KEY MODEOWNERGROUPCREATOR CGROUP NATTCHSEGSZ CPID LPID ATIME DTIMECTIME m 524288 942082 --rw--- nobody nobody nobody nobody1 339968 920 927 7:34:35 18:05:28 7:34:35 Semaphores: T ID KEY MODEOWNERGROUPCREATOR CGROUP NSEMS OTIMECTIME There's only 4 users on this server, and it's been running for quite sometime now. I read that I need to increase the message queue limits, Im presuming it's the kern.ipc.msgmnb=16384. How can I monitor system before anything happens. I can run squidclient mgr:info, but what do I need to look for. Configured thee system with following parameters: kern.ipc.nmbclusters: 65536 kern.maxfiles=65536 kern.maxfilesperproc=32768 net.inet.ip.portrange.last=65535 kern.ipc.somaxconn=2048 kern.maxvnodes=10 kern.ipc.msgmnb=16384 kern.ipc.msgmni=40 kern.ipc.msgseg=512 kern.ipc.msgssz=64 kern.ipc.msgtql=2048 options SHMSEG=16 options SHMMNI=41 options MSGSSZ=64 options MSGTQL=512 options MSGSEZ=2048 options SHMMNI=40 options SHMMAX=2097152 options SHMALL=4096 options MAXFILES=8192 options NMBCLUSTERS=32768 options MSGMNB=16384 options VFS_AIO In my squid.conf: cache_dir diskd /usr/local/squid/var/cache 28000 32 512 Q1=72 Q2=64 Thanks BSD Networking, Microsoft Notworking
Re: [squid-users] storeDiskdSend OPEN: (35) Resource temporarily unavailable
Hm! Well, I can't help you with the diskd issue, but diskd is still unstable under high load. You're probably better off using aufs on FreeBSD-6.3. Adrian On Sun, Jan 20, 2008, Monah Baki wrote: Hi all, I'm running squid 2.6-stable17 on Freebsd 6.3. Machine is a 500MHz with 512MB RAM. ./configure --prefix=/usr/local/squid --enable- storeio=ufs,coss,diskd,null --enable-underscores --with-large-files -- enable-large-cache-files --enable-delay-pools --disable-ident-lookups --enable-snmp --enable-cache-digests --enable-underscores --enable- kill-parent-hack --enable-removal-policies --enable-async-io -- enable-kqueue --enable-follow-x-forwarded-for I just have squid displaying the following error message: 2008/01/20 18:24:15| storeDiskdSend OPEN: (35) Resource temporarily unavailable 2008/01/20 18:24:15| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable 2008/01/20 18:24:15| assertion failed: diskd/store_io_diskd.c:541: + +send_errors 100 jubilee# ipcs -a Message Queues: T ID KEY MODEOWNERGROUPCREATOR CGROUP CBYTES QNUM QBYTESLSPIDLRPID STIMERTIMECTIME q 524288 942080 --rwa-- nobody nobody nobody nobody 1280 40 2048 920 927 18:05:08 18:05:08 7:34:35 q 524289 942081 --rwa-- nobody nobody nobody nobody00 2048 927 920 18:05:08 18:05:08 7:34:35 Shared Memory: T ID KEY MODEOWNERGROUPCREATOR CGROUP NATTCHSEGSZ CPID LPID ATIME DTIMECTIME m 524288 942082 --rw--- nobody nobody nobody nobody1 339968 920 927 7:34:35 18:05:28 7:34:35 Semaphores: T ID KEY MODEOWNERGROUPCREATOR CGROUP NSEMS OTIMECTIME There's only 4 users on this server, and it's been running for quite sometime now. I read that I need to increase the message queue limits, Im presuming it's the kern.ipc.msgmnb=16384. How can I monitor system before anything happens. I can run squidclient mgr:info, but what do I need to look for. Configured thee system with following parameters: kern.ipc.nmbclusters: 65536 kern.maxfiles=65536 kern.maxfilesperproc=32768 net.inet.ip.portrange.last=65535 kern.ipc.somaxconn=2048 kern.maxvnodes=10 kern.ipc.msgmnb=16384 kern.ipc.msgmni=40 kern.ipc.msgseg=512 kern.ipc.msgssz=64 kern.ipc.msgtql=2048 options SHMSEG=16 options SHMMNI=41 options MSGSSZ=64 options MSGTQL=512 options MSGSEZ=2048 options SHMMNI=40 options SHMMAX=2097152 options SHMALL=4096 options MAXFILES=8192 options NMBCLUSTERS=32768 options MSGMNB=16384 options VFS_AIO In my squid.conf: cache_dir diskd /usr/local/squid/var/cache 28000 32 512 Q1=72 Q2=64 Thanks BSD Networking, Microsoft Notworking -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] mime-type based delay pools
I followed this discussion: [squid-users] Re: Re: Cache Streaming Video? (http://www.squid-cache.org/mail-archive/squid-users/200701/0154.html). Seems that making the maximum_object_size higher has an effect, so I have set it to 50 MB. Calamaris says youtube.com is getting a hit of 40%. But the problem is not just youtube. People do download 100 MB+ files. I want to test whether separating text/* mimetypes from the others and putting the other mimetypes on a separate, bandwidth limited stream would help. On Jan 20, 2008 9:44 PM, Adrian Chadd [EMAIL PROTECTED] wrote: The first thing I'd do before looking at delay pools is to grab a few days of logfiles, pass them through calamaris or something similar and generate some traffic reports. If youtube is a big bandwidth hog then you may benefit from some of my work to make Squid cache youtube. Adrian On Sun, Jan 20, 2008, Amitava Bhattacharyya wrote: Hi! I am a member of the Student Network Club at our institute. We are facing problems related to slow access speeds, even though the bandwidth is not so less (12 Mbps for students). We decided to set up our own proxy server (since getting authorization to access/modify the institute servers would take quite some time) to monitor utilization. As part of this exercise, we would also like to implement delay pool based bandwidth management. Since it is very likely that big downloads and youtube are eating up the bandwidth, will a mime type based delay pool work in this case? And how exactly do I set it up? For example, if i define two delay pools, one based on based on hostel IPs and the other on mime-types (question: would this be a class 1 delay pool?), and say give limit of 16 kBps / 4 MB for the downloads stream, how will this be enforced? Will this mean that _every_ download less than 4 MB goes un-delayed, and beyond that it fills up at 16 kBps? -- Best regards, Amitava Bhattacharyya PGP Class of 2008, Indian Institute of Management Bangalore J-310, Hostel Blocks, IIM Bangalore Bangalore, Karnataka 560076 INDIA +919986695721 -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - -- Best regards, Amitava Bhattacharyya PGP Class of 2008, Indian Institute of Management Bangalore J-310, Hostel Blocks, IIM Bangalore Bangalore, Karnataka 560076 INDIA +919986695721
Re: [squid-users] storeDiskdSend OPEN: (35) Resource temporarily unavailable
On Mon, Jan 21, 2008, Tek Bahadur Limbu wrote: Hi Monah, Monah Baki wrote: Hi all, I'm running squid 2.6-stable17 on Freebsd 6.3. Machine is a 500MHz with 512MB RAM. Don't you think that your system is a little low on resources even for a low number of users? :P I dunno, I'm getting my Squid development branch to handle ~30mbit on a piii-600 celeron class box. Its just a shame the disk code is horrible at the moment :) Adrian
Re: [squid-users] storeDiskdSend OPEN: (35) Resource temporarily unavailable
Hi Monah, Monah Baki wrote: Hi all, I'm running squid 2.6-stable17 on Freebsd 6.3. Machine is a 500MHz with 512MB RAM. Don't you think that your system is a little low on resources even for a low number of users? ./configure --prefix=/usr/local/squid --enable-storeio=ufs,coss,diskd,null --enable-underscores --with-large-files --enable-large-cache-files --enable-delay-pools --disable-ident-lookups --enable-snmp --enable-cache-digests --enable-underscores --enable-kill-parent-hack --enable-removal-policies --enable-async-io --enable-kqueue --enable-follow-x-forwarded-for I think it's better to use --enable-storeio=ufs,aufs,coss,diskd,null and remove --enable-async-io. I just have squid displaying the following error message: 2008/01/20 18:24:15| storeDiskdSend OPEN: (35) Resource temporarily unavailable 2008/01/20 18:24:15| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable 2008/01/20 18:24:15| assertion failed: diskd/store_io_diskd.c:541: ++send_errors 100 I have seen these error logs due to DISKD in the past. It went away after I switched to UFS. jubilee# ipcs -a Message Queues: T ID KEY MODEOWNERGROUPCREATOR CGROUP CBYTES QNUM QBYTESLSPIDLRPID STIMERTIMECTIME q 524288 942080 --rwa-- nobody nobody nobody nobody 1280 40 2048 920 927 18:05:08 18:05:08 7:34:35 q 524289 942081 --rwa-- nobody nobody nobody nobody00 2048 927 920 18:05:08 18:05:08 7:34:35 Shared Memory: T ID KEY MODEOWNERGROUPCREATOR CGROUP NATTCHSEGSZ CPID LPID ATIME DTIMECTIME m 524288 942082 --rw--- nobody nobody nobody nobody1 339968 920 927 7:34:35 18:05:28 7:34:35 Semaphores: T ID KEY MODEOWNERGROUPCREATOR CGROUP NSEMS OTIMECTIME There's only 4 users on this server, and it's been running for quite sometime now. I read that I need to increase the message queue limits, Im presuming it's the kern.ipc.msgmnb=16384. How can I monitor system before anything happens. I can run squidclient mgr:info, but what do I need to look for. Configured thee system with following parameters: kern.ipc.nmbclusters: 65536 kern.maxfiles=65536 kern.maxfilesperproc=32768 net.inet.ip.portrange.last=65535 kern.ipc.somaxconn=2048 kern.maxvnodes=10 kern.ipc.msgmnb=16384 kern.ipc.msgmni=40 kern.ipc.msgseg=512 kern.ipc.msgssz=64 kern.ipc.msgtql=2048 options SHMSEG=16 options SHMMNI=41 options MSGSSZ=64 options MSGTQL=512 options MSGSEZ=2048 options SHMMNI=40 options SHMMAX=2097152 options SHMALL=4096 options MAXFILES=8192 options NMBCLUSTERS=32768 options MSGMNB=16384 options VFS_AIO Did you compiled your kernel or are you loading these tunables dynamically? I really am not an expert on this kernel compilation with FreeBSD. But I use the following values: options SHMSEG=128 options SHMMNI=256 options SHMMAX=50331648 # max shared memory segment size (bytes) options SHMALL=16384 # max amount of shared memory (pages) options MSGMNB=16384 # max # of bytes in a queue options MSGMNI=48 # number of message queue identifiers options MSGSEG=768 # number of message segments options MSGSSZ=64 # size of a message segment options MSGTQL=4096 # max messages in system But I guess they are not relevant with 6.x because they are tunables which you can load dynamically. In the end if DISKD does not work for you, then I guess you should use UFS, AUFS or COSS. Since you only have 4 users, all of them will work fine for you... Thanking you... In my squid.conf: cache_dir diskd /usr/local/squid/var/cache 28000 32 512 Q1=72 Q2=64 Thanks BSD Networking, Microsoft Notworking -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://www.wlink.com.np http://teklimbu.wordpress.com
Re: [squid-users] mime-type based delay pools
On Mon, Jan 21, 2008, Amitava Bhattacharyya wrote: I followed this discussion: [squid-users] Re: Re: Cache Streaming Video? (http://www.squid-cache.org/mail-archive/squid-users/200701/0154.html). Seems that making the maximum_object_size higher has an effect, so I have set it to 50 MB. Calamaris says youtube.com is getting a hit of 40%. But the problem is not just youtube. People do download 100 MB+ files. I want to test whether separating text/* mimetypes from the others and putting the other mimetypes on a separate, bandwidth limited stream would help. I thought squid-3 had some class 4 delay pool stuff to make this a possibility right now. You can fake it though, with tcp_outgoing_tos based ACLs. You set the TOS (or select another IP!) for certain mime types, and then rate limit that IP address. (I've done the latter quite successfully. ;) Adrian On Jan 20, 2008 9:44 PM, Adrian Chadd [EMAIL PROTECTED] wrote: The first thing I'd do before looking at delay pools is to grab a few days of logfiles, pass them through calamaris or something similar and generate some traffic reports. If youtube is a big bandwidth hog then you may benefit from some of my work to make Squid cache youtube. Adrian On Sun, Jan 20, 2008, Amitava Bhattacharyya wrote: Hi! I am a member of the Student Network Club at our institute. We are facing problems related to slow access speeds, even though the bandwidth is not so less (12 Mbps for students). We decided to set up our own proxy server (since getting authorization to access/modify the institute servers would take quite some time) to monitor utilization. As part of this exercise, we would also like to implement delay pool based bandwidth management. Since it is very likely that big downloads and youtube are eating up the bandwidth, will a mime type based delay pool work in this case? And how exactly do I set it up? For example, if i define two delay pools, one based on based on hostel IPs and the other on mime-types (question: would this be a class 1 delay pool?), and say give limit of 16 kBps / 4 MB for the downloads stream, how will this be enforced? Will this mean that _every_ download less than 4 MB goes un-delayed, and beyond that it fills up at 16 kBps? -- Best regards, Amitava Bhattacharyya PGP Class of 2008, Indian Institute of Management Bangalore J-310, Hostel Blocks, IIM Bangalore Bangalore, Karnataka 560076 INDIA +919986695721 -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - -- Best regards, Amitava Bhattacharyya PGP Class of 2008, Indian Institute of Management Bangalore J-310, Hostel Blocks, IIM Bangalore Bangalore, Karnataka 560076 INDIA +919986695721 -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -