It's been a while since I've looked at this—because the software we use to generate our squid.conf just works around now—but we found that Squid 3 would only enforce exactly half the configured rate on HTTP requests but enforce the full rate on HTTPS requests.
So we now make two delay pools for every "restriction": one for HTTP which is x2 the byte rate and one for HTTPS which is normal. I don't we looked much more into it or filed a bug 'cause none of the developers seem very keen on pushing delay_pools forward, due their being more robust network-level approaches these days. On Wed, 17 Feb 2016 at 12:37 Hery Martin <scorpion...@gmail.com> wrote: > Hello everybody: > > Since a few months ago I'm using squid to provide a solution as small > business proxy in the network of my work place. > > I'm from Cuba, in our country the Internet is a very limited resource. I > have only one link of 2Mbps to share with 20 ~ 25 users (even with my > network have more than 60) this is the normal concurrent number. > > When I start the squid deployment in my network I started using 2.7stable9 > version, I made all arrangements to put it work with my AD to match ACLs > using AD Groups and everything works perfect. > > I defined 1 class 2 delay pools to to limits traffic to 12 KBytes/s per > user approx. > > delay_pool 1 > delay_class 1 2 > delay_parameters -1/-1 12228/12228 > > The delay pool works perfect, I was checking with real-time tool sqstat > and with squidclient mgr:delay > > NOW..... > > I recently upgrade squid to 3.3.8 and I notice that delay pool started to > going wrong when the users surf or download using HTTPS protocol > > I checked in real-time and when the users browse HTTPS the pool goes in > negative numbers and start to grow and grow, its very easy to check, just > define a delay pool with 5KB and start a download from an HTTPS source and > you can check it with squidclient mgr:delay, the ip takes negative pool > value and keep growing until the download finish. > > Frustrated with this behavior I put different squid versions in a > Virtualization Server and definitely I saw that the problem occurs with > squid 3.x versions, today I made a final test and I think that the > implementation of HTTP v1.1 is maybe related with that problem (I'm not > sure but tomorow I will make a few tests with squid 3.1 where HTTP v1.1 was > not yet implemented) > > Please, if you have the opportunity, just test this in a Lab environment, > I decided to write to this email list because I asked to many people that > already have implemented squid as proxy in their networks and they didn't > believed to me until I demostrated the issue. > > Have anyone information about this bug? There is any hope to fix this > problem at code level? > > Anyway, I'm computer systems engineer, I use to write a lot C++ lines > every week... I'm not related with the squid development (never saw the > code in my life) but if somebody have any idea how to fix this and wants > help just count with me. > > Greetings from Cuba and sorry about my English :) > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
