LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   how to limit downloading in squid proxy. (https://www.linuxquestions.org/questions/linux-newbie-8/how-to-limit-downloading-in-squid-proxy-4175420930/)

Hira Inam 08-07-2012 10:37 PM

how to limit downloading in squid proxy.
 
Dear All, please guide me how to limit downloading in squid proxy through acl.

MY acl for 1 user is as follows:
acl me src 10.16.0.39
reply_body_max_size 52428800 deny me
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
http_access deny blockdownloading
http_access deny blocksites
http_access allow me
http_access deny all

but it is not stoping downling of movie thorugh torrent.

kauuttt 08-08-2012 12:20 AM

Request to please change the subject line. And give some name which is more specific to your problem.
This will help others to help you.

TB0ne 08-08-2012 09:24 AM

Quote:

Originally Posted by Hira Inam (Post 4748591)
Dear All, please guide me how to limit downloading in squid proxy through acl.

MY acl for 1 user is as follows:
acl me src 10.16.0.39
reply_body_max_size 52428800 deny me
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
http_access deny blockdownloading
http_access deny blocksites
http_access allow me
http_access deny all

but it is not stoping downling of movie thorugh torrent.

Right...why should it? Squid is an HTTP proxy...torrents run through different ports, and different protocols. There is one method you can TRY, and it's listed on the Squid website/documentation:
http://www.linux-support.com/cms/blo...squid-proxies/

It blocks the .torrent type through the browsers...but, someone could just copy the link location, fire up their torrent downloader, paste the link in, and bypass it. This is a fairly complex problem, and there have been solutions posted here before:
https://www.linuxquestions.org/quest...-squid-941462/
https://www.linuxquestions.org/quest...-squid-907942/
https://www.linuxquestions.org/quest...rrents-830666/

Hira Inam 08-08-2012 10:59 PM

But i want to limit on downloading not on torrent.

TB0ne 08-09-2012 09:13 AM

Quote:

Originally Posted by Hira Inam (Post 4749531)
But i want to limit on downloading not on torrent.

Then why did you say in your initial question:
Quote:

Originally Posted by Hira Inam
but it is not stoping downling of movie thorugh torrent.

You specifically mentioned torrents, which Squid will not throttle. Again, a good place to start is Google and the Squid documentation...pay particular attention to the delayPools directive:
http://wiki.squid-cache.org/Features/DelayPools

Hira Inam 08-09-2012 10:38 PM

Actually i want that any of my user cant download any file size greater than 20 MB say.

TB0ne 08-10-2012 10:02 AM

Quote:

Originally Posted by Hira Inam (Post 4750497)
Actually i want that any of my user cant download any file size greater than 20 MB say.

If you had asked this question first, it would have saved everyone alot of guessing. And did you try looking this up?? Again, the squid documentation is easy to find and search:

http://www.squid-cache.org/Doc/confi...body_max_size/

Hira Inam 08-10-2012 10:22 PM

Can you please check my acl allowing user1 not to download above 50 MB and allowing boss downloading with full access ?

acl user1 src 10.16.0.39
acl boss src 10.16.0.111
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
reply_body_max_size 52428800 deny user1
reply_body_max_size 52428800 allow boss
http_access deny blockdownloading
http_access deny blocksites
http_access allow user1
http_access allow boss
http_access deny all

TB0ne 08-12-2012 10:34 AM

Quote:

Originally Posted by Hira Inam (Post 4751396)
Can you please check my acl allowing user1 not to download above 50 MB and allowing boss downloading with full access ?

acl user1 src 10.16.0.39
acl boss src 10.16.0.111
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
reply_body_max_size 52428800 deny user1
reply_body_max_size 52428800 allow boss
http_access deny blockdownloading
http_access deny blocksites
http_access allow user1
http_access allow boss
http_access deny all

Better, why don't you implement this ACL and try it for yourself???

Hira Inam 08-12-2012 10:18 PM

I have already implemented it, but the issue is when user1 downloads any movie through utorrent it keeps on downloading with no limit on 50 MB.

TB0ne 08-15-2012 07:43 AM

Quote:

Originally Posted by Hira Inam (Post 4752811)
I have already implemented it, but the issue is when user1 downloads any movie through utorrent it keeps on downloading with no limit on 50 MB.

Did you not understand post #3? Torrents are not running through Squid..you need to block them with different methods. Did you read the links provided in that reply??

ac_kumar 08-15-2012 09:41 AM

are you running squid in transparent mode if yes?
torrents are not blocked by squid but I was able to deal with torrent by implementing squid in non-transparent mode(manually setting proxy in browsers)
as for the downloading problem i used delay_pools which decrease download speed when limit is crossed.

TB0ne 08-15-2012 09:59 AM

Quote:

Originally Posted by ac_kumar (Post 4754715)
are you running squid in transparent mode if yes?

The OP clearly posted rules that require a user ID...which means they're clearly not using transparent mode
Quote:

torrents are not blocked by squid but I was able to deal with torrent by implementing squid in non-transparent mode(manually setting proxy in browsers)
You're confused as to what transparent proxy means, and setting up transparent/non-transparent proxy has ZERO to do with blocking ports. Squid CAN NOT block torrents. It's an http proxy...all you can do is block the .torrent file type, but again (as has been said before), a user can simply cut/paste that link into a torrent client, and bypass squid.
Quote:

as for the downloading problem i used delay_pools which decrease download speed when limit is crossed.
Yes...that was stated to the OP before as well.

ac_kumar 08-15-2012 02:39 PM

Quote:

Originally Posted by TB0ne (Post 4754733)
The OP clearly posted rules that require a user ID...which means they're clearly not using transparent mode

You're confused as to what transparent proxy means, and setting up transparent/non-transparent proxy has ZERO to do with blocking ports. Squid CAN NOT block torrents. It's an http proxy...all you can do is block the .torrent file type, but again (as has been said before), a user can simply cut/paste that link into a torrent client, and bypass squid.

Yes...that was stated to the OP before as well.

I know squid is a http proxy but if you use squid in non-transparent mode by which I mean users has to manually set proxy settings in browsers
torrent downloads can be stopped.
I have used it for stopping torrent downloads. Have tried it even once ..............................!

TB0ne 08-15-2012 02:50 PM

Quote:

Originally Posted by ac_kumar (Post 4754897)
I know squid is a http proxy but if you use squid in non-transparent mode by which I mean users has to manually set proxy settings in browsers torrent downloads can be stopped.

Nope, sorry. Again, you can block the .torrent filetype, but NOT the torrent itself. And how, exactly, does it matter if the browser picks up proxy settings automatically, or if you set them manually?? The traffic flows through the SAME SERVER, and abides by the same rules.
Quote:

I have used it for stopping torrent downloads. Have tried it even once ..............................!
Great...how about posting exactly how you did it, since you have apparently accomplished something impossible...that is, turning an http proxy into a Layer-7 filter.

Post the ruleset/ACL, since you've already done it.


All times are GMT -5. The time now is 12:53 PM.