Delay Pools and External Group Helper - squid

This is a discussion on Delay Pools and External Group Helper - squid ; We have a few users who abuse the web access we provide, and I was looking to use delay pools to throttle their connections. Unfortunately, I cannot throttle based on IP address, since we are in a terminal services environment, ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Delay Pools and External Group Helper

  1. Delay Pools and External Group Helper

    We have a few users who abuse the web access we provide, and I was
    looking to use delay pools to throttle their connections.
    Unfortunately, I cannot throttle based on IP address, since we are in a
    terminal services environment, and have dozens of users logged into a
    single Windows server.

    Reading the documentation, it looks like delay pools use the users IP
    address exclusively to put them in a pool, but in hopes that some magic
    mojo might have been compiled in, I tried the following configuration:

    acl webAbusers external ntgroup_helper WebAbusers
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 16384/16384 2000/2000
    delay_access 1 allow webAbusers

    But, there appears to be no throttling happening.

    squid -v reports:
    Squid Cache: Version 2.5.STABLE6
    configure options: --build=i386-redhat-linux --host=i386-redhat-linux
    --target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr
    --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
    --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include
    --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var
    --sharedstatedir=/usr/com --mandir=/usr/share/man
    --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
    --libexecdir=/usr/lib/squid --localstatedir=/var
    --sysconfdir=/etc/squid --enable-poll --enable-snmp
    --enable-removal-policies=heap,lru
    --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
    --with-openssl=/usr/kerberos --enable-delay-pools
    --enable-linux-netfilter --with-pthreads
    --enable-ntlm-auth-helpers=SMB,winbind
    --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group ,winbind_group
    --enable-auth=basic,ntlm --with-winbind-auth-challenge
    --enable-useragent-log --enable-referer-log
    --disable-dependency-tracking --enable-cachemgr-hostname=localhost
    --disable-ident-lookups --enable-truncate --enable-underscores
    --datadir=/usr/share
    --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,winbind

    So, delay groups are enabled. I also know my ntgroup helper works,
    since we are using it for other ACLs.

    Am I out of luck?

    Thanks in advance.
    Chris


  2. Re: Delay Pools and External Group Helper


    > So, delay groups are enabled. I also know my ntgroup helper works,
    > since we are using it for other ACLs.
    >
    > Am I out of luck?


    Ok. I answered my own question. It looks like support for this will be
    in Squid 3.0 as "Class 4 Delay Pools".

    See: http://www.squid-cache.org/mail-arch...0302/0136.html
    if anyone else stumbles across this and needs an answer.

    Thanks!


+ Reply to Thread