I have a Squid proxy server that controls all internet traffic for my network. I need a way to limit user downloads in my networks. I banned some famous ports (e.g. torrent) but some downloads are possible by HTTP port. Obviously I cannot ban port 80!

A simple solution is limiting maxmimum number of the simultaneous connections for each IP (e.g. 3 connections). It's possible in Squid with this config:

acl limitusercon maxconn 3
http_access deny ACCOUNTSDEPT limitusercon

But this solution has really bad impact in web browsing, because any smart browser get different parts of a website by several connections simultaneously to speedup web browsing. But if we have a maximum number of connections, the browsers will fail to get some parts and the website will be shown partially and some parts/images/frames will not be shown.

So, can we limit maximum number of persist connections? I think this policy will works: "Specify Maximum number of connections that is alive for 10 seconds" while "Number of simultaneous connections for every IP is unlimited"

But how can we implement this policy when Squid? With which config?