Re: [squid-users] delay_access url_regex acl
>>> Definitely the regex bits then. >> >> If you post the whitelist.no_limit we are able to see if there is >> room for improvement. >> Usually there is. > >FYI he did. It was two domain names :( > Ok here is what I did after considering your replies: acl whitelist.no_limit dstdomain "/etc/squid3/etc/whitelist.no_limit" #cat /etc/squid3/etc/whitelist.no_limit #www.microsoft.com #cdimage.debian.org delay_pools 1 delay_class 1 2 delay_parameters 1 3145728/3145728 51200/51200 delay_access 1 allow !whitelist.no_limit delay_access 1 deny all I removed the line working on a authentication group to limit the risk of potential errors. I replaced the regex acl by a dstdomain one (now ther no more ambiguity concerning wether or the Regex works). With the above configuration, the 50ko/s limitation per user is applied even on www.microsoft.com and cdimage.debian.org. Thank in advance for your help, Best Regards, Marc.
Re: [squid-users] delay_access url_regex acl
>>> Definitely the regex bits then. >> >> If you post the whitelist.no_limit we are able to see if there is >> room for improvement. >> Usually there is. > >FYI he did. It was two domain names :( > Ok here is what I did after considering your replies: acl whitelist.no_limit dstdomain "/etc/squid3/etc/whitelist.no_limit" #cat /etc/squid3/etc/whitelist.no_limit #www.microsoft.com #cdimage.debian.org delay_pools 1 delay_class 1 2 delay_parameters 1 3145728/3145728 51200/51200 delay_access 1 allow !whitelist.no_limit delay_access 1 deny all I removed the line working on a authentication group to limit the risk of potential errors. I replaced the regex acl by a dstdomain one (now ther no more ambiguity concerning wether or the Regex works). With the above configuration, the 50ko/s limitation per user is applied even on www.microsoft.com and cdimage.debian.org. Thank in advance for your help, Best Regards, Marc.
Re: [squid-users] delay_access url_regex acl
>> Hello, >> >> I am currently facing some troubles will using Squids >> feature to manage bandwidth (delay_pools, delay_access, ...) >> >> I would like to apply a 50kbytes/s limitation to each >> users and a global 3Mbytes/s limitation. >> There is a authentication group (I am working with NTLM >> authentication) for which I apply no limit. >> Here is the conf : >> acl InternetAdmin external InetGroup Internet_Admin >> >> delay_pools 1 >> delay_class 1 2 >> delay_parameters 1 3145728/3145728 51200/51200 >> delay_access 1 allow !InternetAdmin >> delay_access 1 deny all >> >> This works fine. > >You sure? delay_access does not do external ACL lookups for the auth. There >must be a matching http_access test to perform the lookups and cache them >first. Yes the http_access rule is the following : http_access allow InternetAdmin > >> Now I want to allow all user to download at normal speed >> on some sites. >> acl whitelist.no_limit url_regex >> "/etc/squid3/etc/whitelist.no_limit" # "/etc/squid3/etc/whitelist.no_limit >> contains list of sites with no BW limit >> >> delay_pools 1 >> delay_class 1 2 >> delay_parameters 1 3145728/3145728 51200/51200 >> delay_access 1 allow !whitelist.no_limit !InternetAdmin >> delay_access 1 deny all > >This looks correct for delay_access. Is a bit non-intuitive though. > >Try this for easier reading later: > delay_access 1 deny whitelist.no_limit > delay_access 1 deny InternetAdmin > delay_access 1 allow all > I also tested this option (with the sale result) I even removed the InternetAdmin line (still the same result) >> >> However with such configuration all sites (even those in >> whitelist.no_limit) are limited in bandwidth. > >I suspect some error in the regex patterns. Check for patterns that are short >and could match anywhere. Post the whitelist here if you want any help with >the check. > I don't think there is any possible missmatch with those regex (I used "http://download.tuxfamily.org/notepadplus/5.9/npp.5.9.Installer.exe"; to test a non-whitelisted url) cat /etc/squid3/etc/whitelist.no_limit www.microsoft.com cdimage.debian.org >Alternatively if you added the whitelist to http_access as well it could have >screwed with the http_access login lookup. Making login unavailable and always >fail at the delay_access check. Most of the url in the whitelist.no_limit are also whitelisted somewhere in a http_access. > >> >> Thank in advance for your help, >> Best Regards, >> Marc. >> >> Debian Lenny: 2.6.26-2-686 >> Squid Cache: Version 3.0.STABLE8 > > >Amos >-- Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.12 > Beta testers wanted for 3.2.0.7 and 3.1.12.1
[squid-users] delay_access url_regex acl
Hello, I am currently facing some troubles will using Squids feature to manage bandwidth (delay_pools, delay_access, ...) I would like to apply a 50kbytes/s limitation to each users and a global 3Mbytes/s limitation. There is a authentication group (I am working with NTLM authentication) for which I apply no limit. Here is the conf : acl InternetAdmin external InetGroup Internet_Admin delay_pools 1 delay_class 1 2 delay_parameters 1 3145728/3145728 51200/51200 delay_access 1 allow !InternetAdmin delay_access 1 deny all This works fine. Now I want to allow all user to download at normal speed on some sites. acl whitelist.no_limit url_regex "/etc/squid3/etc/whitelist.no_limit" # "/etc/squid3/etc/whitelist.no_limit contains list of sites with no BW limit delay_pools 1 delay_class 1 2 delay_parameters 1 3145728/3145728 51200/51200 delay_access 1 allow !whitelist.no_limit !InternetAdmin delay_access 1 deny all However with such configuration all sites (even those in whitelist.no_limit) are limited in bandwidth. I also tried a second configuration with 2 delay pool (and I have the same problem) : delay_pools 2 delay_class 1 1 delay_class 2 2 delay_parameters 1 -1/-1 delay_parameters 2 3145728/3145728 51200/51200 delay_access 1 allow InternetAdmin whitelist.no_limit delay_access 1 deny all delay_access 2 allow !InternetAdmin !whitelist.no_limit delay_access 2 deny all Am I doing something wrong? Thank in advance for your help, Best Regards, Marc. Debian Lenny: 2.6.26-2-686 Squid Cache: Version 3.0.STABLE8