Re: [squid-users] Cutomizable Bandwidth Allocation

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 09 Sep 2010 00:29:54 +1200

On 08/09/10 19:31, Isaac NickAein wrote:
> I have installed squid server as a proxy server for a small network in
> office and configured it to dedicate 100KB/s for each computer (by
> leaky buckets)

You mean delay_pools right?

>
> But sometimes (e.g. when the office is solitude) the users need more
> bandwidth (temporary). I figured out three ways to solve this problem:
>
> 1- Defining some user/passwords for squid server and allocating more
> bandwidth for authenticated users (with ACLs).
>
> This solution is not practical because the users can always use that
> user/password and always get more bandwidth, so it is not temporary.
>
>
> 2- Modifying the squid.conf file to give more bandwidth to special
> computers and reverting it back when the user is done.
>
> This solution solves the problem and bandwidth allocation is under
> control of Admin, But modifying squid.conf is not simple and trivial.
>
>
> 3- I heard about webmin which is a tool that simplifies squid
> configuration but don't test it. Does that solve my problem?
>

I doubt it. It's just an editor for the squid.conf. Depending on whether
you like its GUI or the squid.conf text file you may find one or other
easier.

>
>
> Is there any other options to allocate more bandwidth temporary for computers?

Yes. An external_acl_type helper ACL to add/exclude people from their
normal pools.

Its equivalent to (2), but the external helper can use a database or
whatever backend to alter the match/fail it produces in real-time.

There is a catch though:
   delay_access the external helper lookup can't be done by the
delay_access itself, so a hack is needed.

1) Create an ACL for each pool and have it use the helper. Using a
relatively long TTL parameter for the expternal_acl_type line.

2) Check the external acl like this:
    http_access allow externalPoolCheck !all

3) Use it in the delay_pool assignment
      delay_access allow externalPoolCheck

Pick whatever name you want for the acl, the important part is checking
the http_access early in the config (so the result is cached or use by
delay_access) and using "!all" at the end to stop it doing the
http_access allow/deny action.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Wed Sep 08 2010 - 12:30:00 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 08 2010 - 12:00:03 MDT