how to limit downloading in squid proxy.

Hira Inam · 08-07-2012, 10:37 PM

Dear All, please guide me how to limit downloading in squid proxy through acl.

MY acl for 1 user is as follows:
acl me src 10.16.0.39
reply_body_max_size 52428800 deny me
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
http_access deny blockdownloading
http_access deny blocksites
http_access allow me
http_access deny all

but it is not stoping downling of movie thorugh torrent.

kauuttt · 08-08-2012, 12:20 AM

Request to please change the subject line. And give some name which is more specific to your problem.
This will help others to help you.

TB0ne · 08-08-2012, 09:24 AM

Quote:

Originally Posted by Hira Inam

Dear All, please guide me how to limit downloading in squid proxy through acl.

MY acl for 1 user is as follows:
acl me src 10.16.0.39
reply_body_max_size 52428800 deny me
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
http_access deny blockdownloading
http_access deny blocksites
http_access allow me
http_access deny all

but it is not stoping downling of movie thorugh torrent.

Right...why should it? Squid is an HTTP proxy...torrents run through different ports, and different protocols. There is one method you can TRY, and it's listed on the Squid website/documentation:
http://www.linux-support.com/cms/blo...squid-proxies/

It blocks the .torrent type through the browsers...but, someone could just copy the link location, fire up their torrent downloader, paste the link in, and bypass it. This is a fairly complex problem, and there have been solutions posted here before:
https://www.linuxquestions.org/quest...-squid-941462/
https://www.linuxquestions.org/quest...-squid-907942/
https://www.linuxquestions.org/quest...rrents-830666/

Hira Inam · 08-08-2012, 10:59 PM

But i want to limit on downloading not on torrent.

TB0ne · 08-09-2012, 09:13 AM

Quote:

Originally Posted by Hira Inam

But i want to limit on downloading not on torrent.

Then why did you say in your initial question:

Quote:

Originally Posted by Hira Inam

but it is not stoping downling of movie thorugh torrent.

You specifically mentioned torrents, which Squid will not throttle. Again, a good place to start is Google and the Squid documentation...pay particular attention to the delayPools directive:
http://wiki.squid-cache.org/Features/DelayPools

Hira Inam · 08-09-2012, 10:38 PM

Actually i want that any of my user cant download any file size greater than 20 MB say.

TB0ne · 08-10-2012, 10:02 AM

Quote:

Originally Posted by Hira Inam

Actually i want that any of my user cant download any file size greater than 20 MB say.

If you had asked this question first, it would have saved everyone alot of guessing. And did you try looking this up?? Again, the squid documentation is easy to find and search:

http://www.squid-cache.org/Doc/confi...body_max_size/

Hira Inam · 08-10-2012, 10:22 PM

Can you please check my acl allowing user1 not to download above 50 MB and allowing boss downloading with full access ?

acl user1 src 10.16.0.39
acl boss src 10.16.0.111
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
reply_body_max_size 52428800 deny user1
reply_body_max_size 52428800 allow boss
http_access deny blockdownloading
http_access deny blocksites
http_access allow user1
http_access allow boss
http_access deny all

TB0ne · 08-12-2012, 10:34 AM

Quote:

Originally Posted by Hira Inam

Can you please check my acl allowing user1 not to download above 50 MB and allowing boss downloading with full access ?

acl user1 src 10.16.0.39
acl boss src 10.16.0.111
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
reply_body_max_size 52428800 deny user1
reply_body_max_size 52428800 allow boss
http_access deny blockdownloading
http_access deny blocksites
http_access allow user1
http_access allow boss
http_access deny all

Better, why don't you implement this ACL and try it for yourself???

Hira Inam · 08-12-2012, 10:18 PM

I have already implemented it, but the issue is when user1 downloads any movie through utorrent it keeps on downloading with no limit on 50 MB.

TB0ne · 08-15-2012, 07:43 AM

Quote:

Originally Posted by Hira Inam

I have already implemented it, but the issue is when user1 downloads any movie through utorrent it keeps on downloading with no limit on 50 MB.

Did you not understand post #3? Torrents are not running through Squid..you need to block them with different methods. Did you read the links provided in that reply??

ac_kumar · 08-15-2012, 09:41 AM

are you running squid in transparent mode if yes?
torrents are not blocked by squid but I was able to deal with torrent by implementing squid in non-transparent mode(manually setting proxy in browsers)
as for the downloading problem i used delay_pools which decrease download speed when limit is crossed.

TB0ne · 08-15-2012, 09:59 AM

Quote:

Originally Posted by ac_kumar

are you running squid in transparent mode if yes?

The OP clearly posted rules that require a user ID...which means they're clearly not using transparent mode

Quote:

torrents are not blocked by squid but I was able to deal with torrent by implementing squid in non-transparent mode(manually setting proxy in browsers)

You're confused as to what transparent proxy means, and setting up transparent/non-transparent proxy has ZERO to do with blocking ports. Squid CAN NOT block torrents. It's an http proxy...all you can do is block the .torrent file type, but again (as has been said before), a user can simply cut/paste that link into a torrent client, and bypass squid.

Quote:

as for the downloading problem i used delay_pools which decrease download speed when limit is crossed.

Yes...that was stated to the OP before as well.

ac_kumar · 08-15-2012, 02:39 PM

Quote:

Originally Posted by TB0ne

The OP clearly posted rules that require a user ID...which means they're clearly not using transparent mode

You're confused as to what transparent proxy means, and setting up transparent/non-transparent proxy has ZERO to do with blocking ports. Squid CAN NOT block torrents. It's an http proxy...all you can do is block the .torrent file type, but again (as has been said before), a user can simply cut/paste that link into a torrent client, and bypass squid.

Yes...that was stated to the OP before as well.

I know squid is a http proxy but if you use squid in non-transparent mode by which I mean users has to manually set proxy settings in browsers
torrent downloads can be stopped.
I have used it for stopping torrent downloads. Have tried it even once ..............................!

TB0ne · 08-15-2012, 02:50 PM

Quote:

Originally Posted by ac_kumar

I know squid is a http proxy but if you use squid in non-transparent mode by which I mean users has to manually set proxy settings in browsers torrent downloads can be stopped.

Nope, sorry. Again, you can block the .torrent filetype, but NOT the torrent itself. And how, exactly, does it matter if the browser picks up proxy settings automatically, or if you set them manually?? The traffic flows through the SAME SERVER, and abides by the same rules.

Quote:

I have used it for stopping torrent downloads. Have tried it even once ..............................!

Great...how about posting exactly how you did it, since you have apparently accomplished something impossible...that is, turning an http proxy into a Layer-7 filter.

Post the ruleset/ACL, since you've already done it.