Thank you, Amos, for the clarification. After making time for me to test some more with fast ACLs I noticed that it still didn't work. So after some more research I found out that the problem is already reported as "Bug 4913 - Delay Pools don't work for Tunneled traffic" which is exactly the problem I was having. HTTP traffic is correctly limited in my tests. For the time being I will see if I can limit it in another way until I can fix it.
Best regards
Gabriel

On Tue, Jul 28, 2020 at 10:26, Amos Jeffries (squ...@treenet.co.nz) wrote:

> On 28/07/20 8:41 am, Service MV wrote:
> > Hi everybody!
> > I read in the squid mailing lists that delay_pools doesn't work in v4.x,
> > but in the documentation I don't see anything about it.
>
> * Delay pools is a fairly major feature.
>
> * "Don't work" is a very vague claim.
>
> * mailing list threads are typically started by people who don't know
> how to use a feature properly and having trouble because of that
> misunderstanding.
>
> * 4.x is an entire series of releases with many bug fixes across the
> (ongoing) year(s) long lifecycle.
>
> Draw your own conclusion about the accuracy of such statement on the
> mailing list.
>
> >
> > I would like to know if in my SQUID 4.11 configuration with Kerberos +
> > LDAP authentication I can setup a delay_pools to limit large downloads
> > of any authenticated user.
> >
>
> Yes. That should be entirely possible.
>
> > This is my test configuration that I try to do, but I cannot limit the
> > downloads.
> >
> > squid.conf
> ...
> > acl auth proxy_auth REQUIRED
> > delay_pools 1
> > delay_class 1 2
> > delay_parameters 1 64000/64000 64000/64000
>
> > delay_access 1 allow auth
>
> The first problem is here. proxy_auth ACL is a "slow" type and
> delay_access only supports "fast" types.
>
> Squid-4 provides transaction annotations feature that can bridge this
> gap. It is a fast type ACL that checks for annotations set by helper
> lookups etc.
>
> acl hasUsername note user
> delay_access 1 allow hasUsername
> delay_access 1 deny all
>
> >
> > http_access allow auth
>
> This should be down just above the "http_access deny all"
>
> > acl SSL_ports port 443
> > acl Safe_ports port 80
> > acl CONNECT method CONNECT
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> >
> > http_access deny all
> >
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
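The rule from the reply above (delay_access accepts only "fast" ACL types, and proxy_auth is "slow") can be checked before a config is deployed. The following is an added example, not part of the original thread and not Squid code: the function name `lint_delay_access` is hypothetical, the sample configs are constructed from the lines quoted in the thread, and the `SLOW_TYPES` set beyond `proxy_auth` is an assumption to adjust against the `acl` documentation of the Squid version in use.

```python
# Assumption: ACL types treated as "slow" (they need a helper or async lookup).
# proxy_auth is named in the thread; external and ident are added for this example.
SLOW_TYPES = {"proxy_auth", "external", "ident"}

def lint_delay_access(conf_text):
    """Return [(line_no, message)] for delay_access rules that reference
    a slow-type ACL or an ACL name that has not been defined yet."""
    acl_types = {"all": "src"}  # "all" is predefined by Squid
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "acl" and len(fields) >= 3:
            # acl NAME TYPE args...  (first definition fixes the type)
            acl_types.setdefault(fields[1], fields[2])
        elif fields[0] == "delay_access" and len(fields) >= 4:
            # delay_access POOL allow|deny [!]ACL ...
            for ref in fields[3:]:
                name = ref.lstrip("!")
                kind = acl_types.get(name)
                if kind is None:
                    findings.append((no, f"undefined ACL '{name}'"))
                elif kind in SLOW_TYPES:
                    findings.append(
                        (no, f"slow ACL '{name}' ({kind}) used in delay_access"))
    return findings

# Constructed sample: the configuration as first posted in the thread.
AS_POSTED = """\
acl auth proxy_auth REQUIRED
delay_pools 1
delay_class 1 2
delay_parameters 1 64000/64000 64000/64000
delay_access 1 allow auth
"""

# Constructed sample: the same pool gated on the fast "note" ACL instead.
WITH_NOTE_ACL = """\
acl auth proxy_auth REQUIRED
acl hasUsername note user
delay_pools 1
delay_class 1 2
delay_parameters 1 64000/64000 64000/64000
delay_access 1 allow hasUsername
delay_access 1 deny all
"""

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("note ACL", WITH_NOTE_ACL)):
        print(label, lint_delay_access(conf) or "ok")
```

A clean result only means the delay_access rules are evaluable; it says nothing about the tunneled-traffic limitation reported as Bug 4913.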