RE: [squid-users] ACL combination to block mail extractors

Thanks Henrik,

I think I understand what you mean, I went through some of your past posts
on the subject of Delay pools and I was able to configure the parameters
below. I hope to restrict effective speed for each client to 16kbps and I
have a total downlink of 256kbps, I have certain webservers running on the
two machines I listed in my "undelay" acl, which I wish to have maximum
speed to.

I have tried it out, and it seems to be working. I just wanted to say
thanks, and know if the settings were okay, or if there were any
recommendations you might want to give me for optimization of performance.

acl delayed_clients src 192.168.0.5-192.168.0.253
acl undelay dst 192.168.0.1 192.168.0.254
delay_pools 1
delay_class 1 2
delay_access 1 deny undelay
delay_access 1 allow delayed_clients
delay_access 1 deny all
delay_parameters 1 32000/32000 2000/64000

I'll really appreciate a reply from you.

Thanks once again.

Ade.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Thursday, October 07, 2004 6:35 PM
To: Adeoye Oke
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] ACL combination to block mail extractors

On Wed, 6 Oct 2004, Adeoye Oke wrote:

> I have a problem with some users who come into the café and run email
> extractors, which hog all the available bandwidth. I have tried using
> delay pools to restrict maximum bandwidth per user, but this is not
> very desirable, as the overall browsing experience becomes slow, since
> no single client can utilize all the bandwidth for a short period.

Sounds to me like delay pools is exacly what you are looking for.

with delay pools you can make Squid limit clients who use too much bandwidth
over a certain period of time. If they are not hogging the bandwidth they
will compete like normal for the available bandwidth.

This is done by having a suitably large pool size with a relatively small
refill factor.

> I have also recently tried using the maxcon statement to limit number
> of connections, but certain websites make a single browser initiate up
> to 10 connections and hence with only 3 windows they may reach the
> limit of 20 connections I set, hence it also affect legitimate browsing
customers.

Sounds like you have client stations with wrongly configured browsers.

MSIE by default does not open more than 4 connections per session as
mandated by the HTTP standard. A new session is normally only started by
clicking on the MSIE icon.

This can be tuned in the registry, and often is set "unlimited" by some so
called download accelerators and the like.

Regards
Henrik
Received on Fri Oct 08 2004 - 10:15:15 MDT