Squid - Delay Pools and External Group Helper

This is Interesting: Free IT Magazines  
Home > Archive > Squid > November 2005 > Delay Pools and External Group Helper





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Delay Pools and External Group Helper
Christopher Vaughan

2005-11-30, 5:49 pm

We have a few users who abuse the web access we provide, and I was
looking to use delay pools to throttle their connections.
Unfortunately, I cannot throttle based on IP address, since we are in a
terminal services environment, and have dozens of users logged into a
single Windows server.

Reading the documentation, it looks like delay pools use the users IP
address exclusively to put them in a pool, but in hopes that some magic
mojo might have been compiled in, I tried the following configuration:

acl webAbusers external ntgroup_helper WebAbusers
delay_pools 1
delay_class 1 2
delay_parameters 1 16384/16384 2000/2000
delay_access 1 allow webAbusers

But, there appears to be no throttling happening.

squid -v reports:
Squid Cache: Version 2.5.STABLE6
configure options: --build=i386-redhat-linux --host=i386-redhat-linux
--target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr
--exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
--sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include
--libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var
--sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
--libexecdir=/usr/lib/squid --localstatedir=/var
--sysconfdir=/etc/squid --enable-poll --enable-snmp
--enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
--with-openssl=/usr/kerberos --enable-delay-pools
--enable-linux-netfilter --with-pthreads
--enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl- helpers=ip_user,ldap_group,unix_group,wb
info_group,winbind_group
--enable-auth=basic,ntlm --with-winbind-auth-challenge
--enable-useragent-log --enable-referer-log
--disable-dependency-tracking --enable-cachemgr-hostname=localhost
--disable-ident-lookups --enable-truncate --enable-underscores
--datadir=/usr/share
--enable-basic-auth- helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwn
am,multi-domain-NTLM,SASL,winbind

So, delay groups are enabled. I also know my ntgroup helper works,
since we are using it for other ACLs.

Am I out of luck?

Thanks in advance.
Chris

Grumpy Chris

2005-11-30, 5:49 pm


> So, delay groups are enabled. I also know my ntgroup helper works,
> since we are using it for other ACLs.
>
> Am I out of luck?

Ok. I answered my own question. It looks like support for this will be
in Squid 3.0 as "Class 4 Delay Pools".

See: http://www.squid-cache.org/mail-arc...00302/0136.html
if anyone else stumbles across this and needs an answer.

Thanks!

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com