On Tue, 13 Jan 2004, Paul wrote:

> I'd like to limit the total number of connections from anywhere,
> and would like some clarification. For example, with the following:
>
> acl connlimit maxconn 2
> http_access deny all connlimit
> http_access allow !connlimit


maxconn is applied per source IP address so this is not what you are
looking for.

> I can establish at most 2 connections from one IP number.
> So far so good. But if I come in from another IP number, I can
> establish additional connections, leading me to believe that the
> *total* number of connections allowed is essentially unlimited.


The total number of connections is limited by the maximum number of
file descriptors your OS allows Squid to use. Each concurrent request uses
up to 3 file descriptors (client connection, server connection, cache).

If Squid runs short of file descriptors (fewer than 100 free file descriptors
IIRC) it will automatically stop accepting new client connections.

The number of available file descriptors can be set by ulimit when starting
Squid. You should not set this limit lower than ca. 128, and you should
almost certainly disable persistent connections if considering running
Squid with a low number of file descriptors or an otherwise limited number of
connections.

Regards
Henrik
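
An added example, not part of the original message: a shell sketch that turns the figures in the reply (up to 3 file descriptors per request, roughly 100 kept free, a floor of about 128) into a descriptor budget and applies it with ulimit before starting Squid. The function names and the bare `squid` command are assumptions, and the 100-descriptor reserve is the approximate figure from the reply.

```shell
#!/bin/sh
# Added example. Constants come from the reply above; the reserve is approximate.
FDS_PER_REQUEST=3   # client connection, server connection, cache
FD_RESERVE=100      # Squid stops accepting clients below roughly this many free
FD_MINIMUM=128      # lowest limit the reply recommends

# is_number VALUE: succeed only for a non-empty string of digits.
is_number() {
    case $1 in
        ''|*[!0-9]*) echo "expected a non-negative integer, got '$1'" >&2; return 2 ;;
    esac
}

# max_requests LIMIT: worst-case number of concurrent requests a descriptor
# limit supports before Squid stops accepting new client connections.
max_requests() {
    is_number "$1" || return
    if [ "$1" -lt "$FD_MINIMUM" ]; then
        echo "limit $1 is below the recommended minimum of $FD_MINIMUM" >&2
        return 1
    fi
    echo $(( ($1 - FD_RESERVE) / FDS_PER_REQUEST ))
}

# fd_limit_for REQUESTS: descriptor limit needed for that many concurrent
# requests in the worst case, never lower than the recommended minimum.
fd_limit_for() {
    is_number "$1" || return
    need=$(( $1 * FDS_PER_REQUEST + FD_RESERVE ))
    if [ "$need" -lt "$FD_MINIMUM" ]; then
        need=$FD_MINIMUM
    fi
    echo "$need"
}

# start_squid REQUESTS: hypothetical wrapper. Sets the limit in this shell and
# replaces it with Squid, which inherits the limit. With a low limit, also set
# client_persistent_connections off and server_persistent_connections off
# in squid.conf so idle connections do not hold descriptors.
start_squid() {
    n=$(fd_limit_for "$1") || return
    ulimit -n "$n" || return
    exec squid
}
```

Asking for a budget of 2 requests still yields the 128 floor, which is why the descriptor limit is a coarse ceiling rather than a way to allow exactly two connections in total.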