ary 15, 2016 3:13 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Maxconn Parameter behaviour with NAT
On 14.01.16 16:58, Murat Balkan wrote:
>I want to limit the users with the Maxconn parameters. But the users
>are NATed behind a public IP address. Is squid just looking
On 19/01/2016 5:19 a.m., Murat Balkan wrote:
> Hi Squid experts,
>
> Can you please tell me if below scenario is possible to be implemented in
> Squid?
>
> <--> User 1 enters the proxy, browses some pages.
> <--> User 2 tries to enter, and he receives a reject.
> <--> User1 stops browsing
On 16/01/2016 4:11 a.m., Murat Balkan wrote:
> Hi,
>
> Thanks for the response.
> What I want to achieve is to prevent 2 users enter with the same username
> simultaneously.
User usernames are unique. Same username == same user.
There cannot be a second user with same username.
However:
AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Maxconn Parameter behaviour with NAT
On 14.01.16 16:58, Murat Balkan wrote:
>I want to limit the users with the Maxconn parameters. But the users
>are NATed behind a public IP address. Is squid just looking at the IP
>a
On 14.01.16 16:58, Murat Balkan wrote:
I want to limit the users with the Maxconn parameters. But the users are
NATed behind a public IP address. Is squid just looking at the IP address
or can it also use the username to figure out if it should apply the
maxconn?
maxconn uses clients'
On 16/04/2012 9:23 p.m., FredB wrote:
Hi,
I read that the maxconn directive uses only the direct IP addresses; my problem is
that I'm working with the DansGuardian tool for filtering and it works before squid.
Previously I had this (almost) kind of problem with delay pools resolved by an
acl on ldap
maxconn is an inbound connection limit. Squid cannot reasonably control
TCP connections which are made by other software to DG since Squid has
no part in those connections. There is simply no relevance limiting
maxconn on anything except the real TCP/IP details.
Yes, but like there is a
On 17.04.2012 03:37, FredB wrote:
maxconn is an inbound connection limit. Squid cannot reasonably control
TCP connections which are made by other software to DG since Squid has
no part in those connections. There is simply no relevance limiting
maxconn on anything except the real TCP/IP details.
Bit suspicious yes.
Tried apachebench (ab) with concurrency level 10? or anything like that
which can guarantee multiple simultaneous connections for the test?
Amos
Yes, a little script that makes many recursive wget + I navigate with
firefox, after I watch access.log and read
Duration and overlap of those connections matters. If they were all
serviced in less than 100ms and closed it is possible they all took
place one after another sequentially with no more than 1 open at a
time.
maxconn allows up to 3 *simultaneous* connections. Opening three then
closing
On 13.03.2012 21:38, FredB wrote:
Duration and overlap of those connections matters. If they were all
serviced in less than 100ms and closed it is possible they all took
place one after another sequentially with no more than 1 open at a
time.
maxconn allows up to 3 *simultaneous* connections.
Bit suspicious yes.
Tried apachebench (ab) with concurrency level 10? or anything like that
which can guarantee multiple simultaneous connections for the test?
Amos
Yes, a little script that makes many recursive wget + I navigate with firefox,
after I watch access.log and read 20 cnx by
On 13.03.2012 06:03, FredB wrote:
Hi all,
Maxconn doesn't seem to work with the latest squid 3.2.0.16
I'm trying
acl userslimit src 192.168.0.0/16
acl 3conn maxconn 3
http_access deny 3conn userslimit
client_db on
grep 192.168.80.194 /var/log/squid/access.log | grep 2012:17:48:43 |
wc -l
10
And
Amos,
I have been trying to send my squid.conf to your personal email but
your system won't let it through.
The error that the other server returned was: 550 550 5.7.1 SPF-Strict
Policy Denied
and I have SPF entries in my DNS...
I don't want to send my conf file to the entire list... how can I
On 21/12/10 06:15, Jason Greene wrote:
So what do you recommend as a solution?
The only line I have in my conf that has ssl in it is this
acl SSL_ports port 443 563
I'd recommend adding back in the basic security for CONNECT requests
then. The config order can be found here:
So what do you recommend as a solution?
The only line I have in my conf that has ssl in it is this
acl SSL_ports port 443 563
but I have these port as safe
acl Safe_ports port 443 563
How do I allow the connection thru SSL ports but close them down
enough to not get a HTTP Proxy CONNECT Loop
On Thu, Dec 16, 2010 at 7:41 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 17/12/10 10:38, Jason Greene wrote:
I'm trying to close a security hole
I want to use maxconn on ALL IPs
acl limitusercon maxconn 3
http_access deny all limitusercon
Testing the all there is not useful. That
It doesn't make sense... I set the limit to 50 and I run my scan and
the vulnerability shows... I drop it back by 5 and run my scan... it
show until I get to 20...the vulnerability goes away I increase
the limit by 1 until I get to 25 where it shows back up... I drop back
down to 24 ... still
On 18/12/10 04:35, Jason Greene wrote:
On Thu, Dec 16, 2010 at 7:41 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 17/12/10 10:38, Jason Greene wrote:
I'm trying to close a security hole
I want to use maxconn on ALL IPs
acl limitusercon maxconn 3
http_access deny all limitusercon
On 17/12/10 10:38, Jason Greene wrote:
I'm trying to close a security hole
I want to use maxconn on ALL IPs
acl limitusercon maxconn 3
http_access deny all limitusercon
Testing the all there is not useful. That should be just:
http_access deny limitusercon
... making sure it's placed at
On Wed 2006-05-10 at 11:29 +0700, Lazuardi Nasution wrote:
Regarding the 3rd scenario, how to count cache_peer_access/miss_access
connections per client ? I just want to limit only
cache_peer_access/miss_access connections but not total connections from each
client.
You then first need to
Regarding the 3rd scenario, how to count cache_peer_access/miss_access
connections per client ? I just want to limit only
cache_peer_access/miss_access connections but not total connections from each
client.
Quoting Henrik Nordstrom [EMAIL PROTECTED]:
On Tue 2006-04-04 at 09:28 +0700,
On Tue 2006-04-04 at 09:28 +0700, Lazuardi Nasution wrote:
a) Scenario 1:
http_access allow all !myMax
Limits all connections, no matter if it's a cache hit or miss.
b) Scenario 2:
http_reply_access allow all !myMax
Don't do this.
c) Scenario 3:
cache_peer_access proxyA allow all !myMAx
On Fri, 10 Sep 2004, Mustafa ERGUC wrote:
I am using squid 2.5 stable6. I want to limit the number of connections by
user. I looked at the FAQ and I did
what is written there but it did not work
Describe your meaning of "but it did not work".
maxconn is the number of TCP connection an authenticated
I am using squid 2.5 stable6. I want to limit the number of connections by
user.
We can collect the user connection limit with as,
acl aclname maxconn number
Set the user informations with IP-Address as,
acl user-ip src ip-address or ip-address-limit/netmask
Set the http_access setting as,
Will
acl localnet src 172.16.0.0/19
acl ahost src 172.16.1.1
acl conn_15 maxconn 15
http_access deny ahost conn_15
http_access allow localnet
or similar not work for you?
-Original Message-
From: Sergey Matveychuk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 27 July 2004 3:28 PM
Jay Turner wrote:
Will
acl localnet src 172.16.0.0/19
acl ahost src 172.16.1.1
acl conn_15 maxconn 15
http_access deny ahost conn_15
http_access allow localnet
or similar not work for you?
It works, but I have about five hundreds hosts in 172.16.0.0/19. No
other way except add every host in
On Tue, 27 Jul 2004, Sergey Matveychuk wrote:
It works, but I have about five hundreds hosts in 172.16.0.0/19. No
other way except add every host in squid.conf?
Your first attempt makes a limit of 15 connections PER IP, and is what you
want.
Regards
Henrik
On Wed, 14 Jan 2004 [EMAIL PROTECTED] wrote:
Why is this? It seems ridiculous that at the stage of maturity that SQUID has
achieved that it still can't read a sysctl variable to do this dynamically.
Because of weird dependencies on the fd_set data type and a few other
things.
Regards
Henrik
On Tue, 13 Jan 2004, Paul wrote:
I'd like to limit the total number of connections from anywhere,
and would like some clarification. For example, with the following:
acl connlimit maxconn 2
http_access deny all connlimit
http_access allow !connlimit
maxconn is applied per source
Thank you very much for your reply, Henrik.
So a ulimit of 1000 ought to limit the total number
of connections to about 300+. Looks like under my
current 2.4 Linux kernel, maximum number of filedescriptors
possible is around 26K, but only 1024 allowed per process:
# sysctl fs.file-max
On Wed, 14 Jan 2004, Paul wrote:
Thank you very much for your reply, Henrik.
So a ulimit of 1000 ought to limit the total number
of connections to about 300+. Looks like under my
current 2.4 Linux kernel, maximum number of filedescriptors
possible is around 26K, but only 1024 allowed per
In a message dated 1/14/04 5:33:19 AM Eastern Standard Time,
[EMAIL PROTECTED] writes:
1024 is the default limit of Linux and many other OS:es.
It can be raised or lowered if you like.
To raise the limit you must also recompile Squid with the limit raised.
Why is this? It seems
This is better:
acl yournet src xxx.xxx.xxx.xxx
acl connlimit maxconn 2
http_access allow yournet !connlimit
http_access deny all
Cheers,
.::DAMK::.
On Tue, 13 Jan 2004 15:21:44 -0800 (PST), Paul [EMAIL PROTECTED] wrote:
I'd like to limit the total number of connections from anywhere,
and would
Thank you for your reply, but I don't think this is what I'm
looking for. What I want has nothing to do with our local net.
We want to limit the *grand total* number of connections to our
squid from *anywhere*, to give it some breathing room, to leave
some memory for other processes, to allow us
To: damk
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] maxconn semantics
Thank you for your reply, but I don't think this is what I'm looking
for. What I want has nothing to do with our local net.
We want to limit the *grand total* number of connections to our squid
from *anywhere*, to give it some
On Tue, 16 Dec 2003, Paul wrote:
I've read the FAQ docs and tried several variations like the following:
acl all src 0.0.0.0/0.0.0.0
acl connlimit maxconn 2
http_access deny all connlimit
Any other http_access rules before this?
The above allows an unlimited number of connections,
Any other http_access rules before this?
How do you measure the number of connections?
Thank you for taking time to reply, Henrik.
I was using ab (apache benchmark program) to run
the tests, but the file was only a few bytes so
the tests completed too fast. I'm getting correct
maxconn behavior
On Fri, 21 Nov 2003, Nikos Mouat wrote:
is it possible to add a maxconn such that any individual IPs within these
ranges are limited to 100 or so connections, or does that apply to the
entire ACL??
You can combine maxconn with a src type acl to do pretty much anything you
like along the
On Thursday 26 June 2003 07.16, Aqil wrote:
Now I want to limit my users to make just a certain
number of connections, say 1 connection. So I put in
my squid.conf these lines :
Connections you can limit, but not the number of windows. There is no
real connection between the number of windows
40 matches