Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
|
08-07-2012, 10:37 PM
|
#1
|
LQ Newbie
Registered: Aug 2012
Posts: 15
Rep: 
|
how to limit downloading in squid proxy.
Dear All, please guide me how to limit downloading in squid proxy through acl.
MY acl for 1 user is as follows:
acl me src 10.16.0.39
reply_body_max_size 52428800 deny me
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
http_access deny blockdownloading
http_access deny blocksites
http_access allow me
http_access deny all
but it is not stoping downling of movie thorugh torrent.
Last edited by Hira Inam; 08-08-2012 at 12:22 AM.
|
|
|
08-08-2012, 12:20 AM
|
#2
|
Member
Registered: Dec 2008
Location: Atlanta, GA, USA
Distribution: Ubuntu
Posts: 135
Rep:
|
Request to please change the subject line. And give some name which is more specific to your problem.
This will help others to help you.
|
|
|
08-08-2012, 09:24 AM
|
#3
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,714
|
Quote:
Originally Posted by Hira Inam
Dear All, please guide me how to limit downloading in squid proxy through acl.
MY acl for 1 user is as follows:
acl me src 10.16.0.39
reply_body_max_size 52428800 deny me
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
http_access deny blockdownloading
http_access deny blocksites
http_access allow me
http_access deny all
but it is not stoping downling of movie thorugh torrent.
|
Right...why should it? Squid is an HTTP proxy...torrents run through different ports, and different protocols. There is one method you can TRY, and it's listed on the Squid website/documentation:
http://www.linux-support.com/cms/blo...squid-proxies/
It blocks the .torrent type through the browsers...but, someone could just copy the link location, fire up their torrent downloader, paste the link in, and bypass it. This is a fairly complex problem, and there have been solutions posted here before:
https://www.linuxquestions.org/quest...-squid-941462/
https://www.linuxquestions.org/quest...-squid-907942/
https://www.linuxquestions.org/quest...rrents-830666/
|
|
1 members found this post helpful.
|
08-08-2012, 10:59 PM
|
#4
|
LQ Newbie
Registered: Aug 2012
Posts: 15
Original Poster
Rep: 
|
But i want to limit on downloading not on torrent.
|
|
|
08-09-2012, 09:13 AM
|
#5
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,714
|
Quote:
Originally Posted by Hira Inam
But i want to limit on downloading not on torrent.
|
Then why did you say in your initial question:
Quote:
Originally Posted by Hira Inam
but it is not stoping downling of movie thorugh torrent.
|
You specifically mentioned torrents, which Squid will not throttle. Again, a good place to start is Google and the Squid documentation...pay particular attention to the delayPools directive:
http://wiki.squid-cache.org/Features/DelayPools
|
|
|
08-09-2012, 10:38 PM
|
#6
|
LQ Newbie
Registered: Aug 2012
Posts: 15
Original Poster
Rep: 
|
Actually i want that any of my user cant download any file size greater than 20 MB say.
Last edited by Hira Inam; 08-09-2012 at 10:46 PM.
|
|
|
08-10-2012, 10:02 AM
|
#7
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,714
|
Quote:
Originally Posted by Hira Inam
Actually i want that any of my user cant download any file size greater than 20 MB say.
|
If you had asked this question first, it would have saved everyone alot of guessing. And did you try looking this up?? Again, the squid documentation is easy to find and search:
http://www.squid-cache.org/Doc/confi...body_max_size/
|
|
|
08-10-2012, 10:22 PM
|
#8
|
LQ Newbie
Registered: Aug 2012
Posts: 15
Original Poster
Rep: 
|
Can you please check my acl allowing user1 not to download above 50 MB and allowing boss downloading with full access ?
acl user1 src 10.16.0.39
acl boss src 10.16.0.111
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
reply_body_max_size 52428800 deny user1
reply_body_max_size 52428800 allow boss
http_access deny blockdownloading
http_access deny blocksites
http_access allow user1
http_access allow boss
http_access deny all
|
|
|
08-12-2012, 10:34 AM
|
#9
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,714
|
Quote:
Originally Posted by Hira Inam
Can you please check my acl allowing user1 not to download above 50 MB and allowing boss downloading with full access ?
acl user1 src 10.16.0.39
acl boss src 10.16.0.111
acl blocksites dstdomain "/blocksites"
acl blockdownloading urlpath_regex "/blockdownloading"
deny_info ERR_BLOCKED_FILES blockdownloading
reply_body_max_size 52428800 deny user1
reply_body_max_size 52428800 allow boss
http_access deny blockdownloading
http_access deny blocksites
http_access allow user1
http_access allow boss
http_access deny all
|
Better, why don't you implement this ACL and try it for yourself???
|
|
|
08-12-2012, 10:18 PM
|
#10
|
LQ Newbie
Registered: Aug 2012
Posts: 15
Original Poster
Rep: 
|
I have already implemented it, but the issue is when user1 downloads any movie through utorrent it keeps on downloading with no limit on 50 MB.
|
|
|
08-15-2012, 07:43 AM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,714
|
Quote:
Originally Posted by Hira Inam
I have already implemented it, but the issue is when user1 downloads any movie through utorrent it keeps on downloading with no limit on 50 MB.
|
Did you not understand post #3? Torrents are not running through Squid..you need to block them with different methods. Did you read the links provided in that reply??
|
|
|
08-15-2012, 09:41 AM
|
#12
|
Member
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175
Rep:
|
are you running squid in transparent mode if yes?
torrents are not blocked by squid but I was able to deal with torrent by implementing squid in non-transparent mode(manually setting proxy in browsers)
as for the downloading problem i used delay_pools which decrease download speed when limit is crossed.
|
|
|
08-15-2012, 09:59 AM
|
#13
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,714
|
Quote:
Originally Posted by ac_kumar
are you running squid in transparent mode if yes?
|
The OP clearly posted rules that require a user ID...which means they're clearly not using transparent mode
Quote:
torrents are not blocked by squid but I was able to deal with torrent by implementing squid in non-transparent mode(manually setting proxy in browsers)
|
You're confused as to what transparent proxy means, and setting up transparent/non-transparent proxy has ZERO to do with blocking ports. Squid CAN NOT block torrents. It's an http proxy...all you can do is block the .torrent file type, but again (as has been said before), a user can simply cut/paste that link into a torrent client, and bypass squid.
Quote:
as for the downloading problem i used delay_pools which decrease download speed when limit is crossed.
|
Yes...that was stated to the OP before as well.
|
|
|
08-15-2012, 02:39 PM
|
#14
|
Member
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175
Rep:
|
Quote:
Originally Posted by TB0ne
The OP clearly posted rules that require a user ID...which means they're clearly not using transparent mode
You're confused as to what transparent proxy means, and setting up transparent/non-transparent proxy has ZERO to do with blocking ports. Squid CAN NOT block torrents. It's an http proxy...all you can do is block the .torrent file type, but again (as has been said before), a user can simply cut/paste that link into a torrent client, and bypass squid.
Yes...that was stated to the OP before as well.
|
I know squid is a http proxy but if you use squid in non-transparent mode by which I mean users has to manually set proxy settings in browsers
torrent downloads can be stopped.
I have used it for stopping torrent downloads. Have tried it even once ..............................!
|
|
|
08-15-2012, 02:50 PM
|
#15
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,714
|
Quote:
Originally Posted by ac_kumar
I know squid is a http proxy but if you use squid in non-transparent mode by which I mean users has to manually set proxy settings in browsers torrent downloads can be stopped.
|
Nope, sorry. Again, you can block the .torrent filetype, but NOT the torrent itself. And how, exactly, does it matter if the browser picks up proxy settings automatically, or if you set them manually?? The traffic flows through the SAME SERVER, and abides by the same rules.
Quote:
I have used it for stopping torrent downloads. Have tried it even once ..............................!
|
Great...how about posting exactly how you did it, since you have apparently accomplished something impossible...that is, turning an http proxy into a Layer-7 filter.
Post the ruleset/ACL, since you've already done it.
|
|
|
All times are GMT -5. The time now is 01:08 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|