On 5/03/2012 8:33 p.m., Jiang Wen Dong wrote:
This is not what I want.
I want proxy_auth user maxconn=100, others maxconn=50.
Yes. That is what the config I wrote does.
# if user has connections >= 100, deny even if logged in
# else if user is logged in, allow (up to 100)
# else if connections >= 50, deny more than 50 connections
(extra lines are for good security, allowing random person on The
Internet 50 connections is not good)
# else other local clients, allow
# else deny
Amos
-----邮件原件-----
发件人: Amos Jeffries
On 05.03.2012 14:16, Jiang Wen Dong wrote:
My English is not good, hope you can understand what I'm saying.
I want to set default maxconn=50, and maxconn=100 for proxy_auth user.
If I set default maxconn before proxy_auth, then proxy_auth user get
maxconn=50, not maxconn=100.
If I set default maxconn after proxy_auth, every user get a auth
dialog window, which I do not want it show for !proxy_auth user.
How to set different maxconn number of proxy_auth user from default
maxconn?
You are thinking about this backwards. Place the widest "everybody"
limitations first. Then the highest privileged allow permissions. Then repeat
as you gradually restrict things.
Like this:
acl login proxy_auth REQUIRED
acl 100cc maxconn 100
acl 50cc maxconn 50
# nobody allowed more than 100 connections
http_access deny 100cc
# login users the only ones allowed more than 50
http_access allow login
http_access deny 50cc
# then other LAN clients...
http_access allow localnet
# everything not permitted yet is not trusted for any access.
http_access deny all
Amos
