Re: [squid-users] Squid allow only 2 max connections per IP

[Chris Robertson]

eXtremer wrote:
Here is my config:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 444
acl Safe_ports port 80          # http
#acl Safe_ports port 21         # ftp
acl Safe_ports port 443 563     # https, snews
#acl Safe_ports port 70         # gopher
#acl Safe_ports port 210                # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280                # http-mgmt
#acl Safe_ports port 488                # gss-http
#acl Safe_ports port 591                # filemaker
#acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT

#-------------Conectiuni maxime per IP-------------
acl maxcon maxconn 2

#--------------Reteaua 145------------------
acl 145a src "/etc/squid/allow/145a.allow"  
acl 145b src "/etc/squid/allow/145b.allow"

acl 145c src 192.168.41.200/32
  
#-----------------------Restrictions-----------------------

#---Restrictie ptr conectiuni maxime----
http_access deny maxcon all
  

The "all" here should be the first acl referenced on the line or it will 
prevent your deny_info message from being shown.

e.g. "http_access deny all maxcon"

deny_info ERR_MAXCON maxcon

#---Restrictie ptr toti in afara de sala 145---
http_access deny all !145a !145b !145c !localhost

#Recommended minimum configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports
------------------------------------------------------------------

This is a part of my squid.conf
I don't know but maxcon is not working in my case.
If it's like this : http_access deny maxcon all <= then not even one
connection is allowed.
  

Hmmm... Have you tested this with a single connection downloader (such 
as squid-client) or by using a browser to download a non-referencing 
object (such as an image file)?  This looks like the proper usage of the 
maxconn acl.  You might try upping the debugging (see the debug_options 
on squid.conf), and watch what your cache.log reports).

If it's like this: http_access allow all !maxcon <= then all connection are
allowed.
  

This would not be such a good idea given the way your http_access lines 
are set up, as it would prevent any of the Safe_port and SSL_port checks 
later in the list.

Somebody tell me how to configure in such a way that maxconn feature will
wrk in my case,
waiting for a reply, 10x in advance.

P.S.: client_db is ON.
  

Chris