Download limits in Squid3
Hi..everybody,
I am running squid-3.1.11 on Ubuntu 11.04 as a transparent proxy. I need rules in which there are no size restrictions for some authorized PCs even during office hours, and no size restrictions for others after office hours. First I tried
Code:
reply_body_max_size 100 MB
Code:
acl officehours time 09:00-18:00 |
try this
Code:
acl official_hours time 09:00-18:00
Code:
acl M1 arp 01:02:03:04:05:06
Code:
acl our_networks src 192.168.0. |
Hi..Deepak, Thanks for the reply.
Code:
acl official_hours time 09:00-18:00
I don't want this. I want 2 rules:
1) I want to allow downloads of up to only 100 MB for everyone from 9AM to 6PM. From 6PM to 9AM everyone should be able to download large files even if they are more than 100MB in size.
2) There should not be any download limitation for some authorized PCs even during office hours, and these authorized PCs should be able to download files even larger than 100MB at any time.
If I try this below
Code:
acl official_hours time 09:00-18:00
Code:
service squid3 restart
Code:
acl official_hours time 09:00-18:00
So please help me to add the 2 rules that I requested in the beginning. |
for business hours, users will have 100 MB download limit and important users will have full access to download
Code:
acl official_hours time 09:00-18:00
for non business hours no download limit
Code:
acl non_official_hours time 18:01-08:59
users having access
Code:
acl imp_users src 192.168.0.81 |
Thanks for the reply deepak,
Code:
acl official_hours time 09:00-18:00
Code:
#service squid3 restart
Code:
reply_body_max_size 100 MB
So I also tried putting "!imp_users", 100 MB instead of 104857600, and 0 instead of none, but none of the rules is applying. I request you to check it once with squid-3.1.11 and please let me know if those two rules are applying on your machine. |
Sorry for replying late, I was on leave from office.
You can try the following syntax, as the mistake is again mine: I never checked your distro, as the syntax which I was using works on RHEL. In Ubuntu the allow syntax is not recognized, as you can see from the error yourself
Code:
2011/12/08 20:42:55| aclParseAclList: ACL name 'allow' not found.
Code:
acl official_hours time 09:00-18:00
Code:
acl non_official_hours time 18:01-08:59 |
go through this tutorial for squid download size limiting...
http://servercomputing.blogspot.com/...xy-server.html |
Code:
acl official_hours time 09:00-18:00
Code:
acl non_official_hours time 18:00-23:59
Thanks a lot. The above rules are working fine. I also tried with a file listing the imp_users IPs. Now the imp_users IPs which are listed in the /etc/squid3/.imp_users file can download unlimited size at any time, while others can only download up to 100 MB during office hours. After office hours others can also download unlimited size. This is what I had expected from Linux gurus. Thanks Deepak.
But others can still download using https, while getting an error for http, using the same URL even if it is more than 100 MB, and even though I have prevented some suffixes in a file like this in squid.conf.
Code:
acl denied_suffixes url_regex "/etc/squid3/.denied_suffixes"
Code:
cat /etc/squid3/.denied_suffixes
For example others are prevented from downloading with "http://ftp-stud.hs-esslingen.de/pub/Mirrors/ftp.openoffice.org/stable/3.3.0/OOo_3.3.0_Linux_x86_install-rpm-wJRE_en-US.tar.gz" but they can download with "https://ftp-stud.hs-esslingen.de/pub/Mirrors/ftp.openoffice.org/stable/3.3.0/OOo_3.3.0_Linux_x86_install-rpm-wJRE_en-US.tar.gz"
So it would be much better if you could post a rule to prevent downloads using https which are more than 100 MB and prevented during office hours. I will be waiting for your kind reply. Once again thank you very much. :) |
Quote:
This site is very useful. I could prevent youtube videos for unauthorized users during office hours, but not with metacafe.com. Could you please guide me or send me a URL by which I will be able to prevent other sites' flash videos? I added a rule to block https://facebook.com using
Code:
acl badsites dstdomain .facebook.com
I also added
Code:
http_reply_access deny badsites
So could you please help me to block https://facebook.com |
I too was new to this problem which you mentioned.
I never noticed that squid was only blocking http and allowing https. I don't know if this will be helpful, as it works on my machine: you can block access to port 443, which is for SSL, during office hours, i.e. give access to http and https only to important users and deny it to all others, and after office hours everyone will have full access
Code:
acl bad_port port 443
Code:
#acl Safe_ports port 443 # https
Code:
#cd /etc/squid |
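Why the suffix and size rules discussed above stop the http download but not the https one, as an added example that is not part of the original thread: it models what a forward proxy can match for each request, assuming a browser explicitly configured to use the proxy, so that an https URL arrives as a CONNECT request. The suffix pattern, the request lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for an entry in /etc/squid3/.denied_suffixes
# (the thread does not show the file's contents).
DENIED_SUFFIXES = [re.compile(r"\.tar\.gz$", re.I)]
LIMIT = 100 * 1024 * 1024  # the 100 MB office-hours cap from the thread

def proxy_view(request_line):
    """Return the fields a forward proxy can match ACLs against."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # Target is only host:port; path and reply headers stay encrypted.
        host, _, port = target.rpartition(":")
        return {"host": host, "port": int(port), "url": target,
                "reply_visible": False}
    parts = urlsplit(target)
    return {"host": parts.hostname, "port": parts.port or 80,
            "url": target, "reply_visible": True}

def decide(request_line, content_length=None):
    """Apply the suffix rule and the size cap to what the proxy can see."""
    view = proxy_view(request_line)
    if any(rx.search(view["url"]) for rx in DENIED_SUFFIXES):
        return "deny: url_regex"
    too_big = content_length is not None and content_length > LIMIT
    if view["reply_visible"] and too_big:
        return "deny: reply_body_max_size"
    return "allow"

def decide_with_port_rule(request_line, content_length=None):
    """Same policy with a deny on port 443 checked first (the bad_port idea;
    the office-hours and important-user conditions are omitted here)."""
    if proxy_view(request_line)["port"] == 443:
        return "deny: bad_port"
    return decide(request_line, content_length)

# Host and path taken from the thread; the request lines are constructed.
HOST = "ftp-stud.hs-esslingen.de"
PATH = ("/pub/Mirrors/ftp.openoffice.org/stable/3.3.0/"
        "OOo_3.3.0_Linux_x86_install-rpm-wJRE_en-US.tar.gz")
HTTP_REQ = f"GET http://{HOST}{PATH} HTTP/1.1"
HTTPS_REQ = f"CONNECT {HOST}:443 HTTP/1.1"

if __name__ == "__main__":
    for req in (HTTP_REQ, HTTPS_REQ):
        print(decide(req, 300 * 1024 * 1024), "|", decide_with_port_rule(req))
```

For a tunneled request only host- and port-based conditions (such as dstdomain or port) have anything to match, which is why the port 443 rule takes effect where the suffix and size rules do not.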
Hi..Deepak, Thanks for the reply
Code:
acl bad_port port 443
Code:
#acl Safe_ports port 443 # https
Code:
#cd /etc/squid |
Hey, really glad to help.
Can you help me with configuring squid as a transparent proxy? Sometimes I face problems with that on my machine, RHEL 5.2. What are the steps that need to be followed for a transparent proxy? |
Hi..Deepak, I am glad to help too.
I followed this link. I just copied the script and executed it. Here is my configuration
Code:
eth0(internet)
I just changed the server IP in the script to 192.168.0.1 because I have given acl my_lan src 192.168.0.1/24 in the squid.conf file. I executed the script and now everything, ftp, mail clients and all, is working fine. I went for transparent mode because I struggled a lot to enable mail client access with IPTable rules. If the mail clients are working fine for you, please help me with how to do it with IPTable rules in non transparent mode. In RedHat based O/S for transparent mode you have to put these 4 lines
Code:
httpd_accel_host virtual
Code:
http_port 3128 transparent |
Thanks for your help. I will try your suggestion; as this is for my personal practice, once I am through with my work I'll give an update :)
I am quite confused by the term mail client+squid. By mail client do you mean Outlook, Thunderbird? Do you face problems using these mail clients with non transparent squid? Can you tell me where you face errors or what sort of errors? I had connected Thunderbird with my sendmail and it was working fine, but I have no idea about using squid and mail clients. If you can be a little more specific I might help :) |
Code:
I am quite confused with the term mail client+squid
But I am not able to send/receive while I am in non transparent mode. Just think: for non transparent mode I'll just install squid and configure the squid.conf file, doing nothing with IPTable rules, and the client machines can access the internet only if they configure browser settings. But in this condition the mail client does not work. I request you to check it once by configuring your gmail/yahoomail account with Thunderbird/Outlook without transparent mode. If you are able to send/receive mails then please let me know how you could do it. As I found in the google search, there is nothing to do with squid.conf for mail client access, since squid does not proxy pop3, imap and smtp. So I think these protocols should be masqueraded in the nat table. But I don't have much experience with IPTable rules. I need a setup in which the client machines can access the internet only if they configure browser settings, and the mail client should also work fine. I will be waiting for your kind reply. |