On Fri, 21 Nov 2003, Nikos Mouat wrote: > is it possible to add a maxconn such that any individual IPs within these > ranges are limitted to 100 or so connections, or does that apply to the > entire ACL??
You can combine maxconn with a src type acl to do pretty much anything you like along the lines discussed. acl limited_users_1 src .... acl maxconn_users_1 maxconn 100 http_access deny limited_users_1 maxconn_users_1 acl limited_users_2 src ... acl maxconn_users_2 maxconn 150 http_access deny limited_users_2 maxconn_users_2 etc for as many different maxconn levels you want to have.. > I don't want to have to add each IP as its own ACL. You never need to do that. The src acl type takes a list of IPs, IP-ranges and networks. If any matches the client IP then the acl is true. Regards Henrik