[squid-users] "Maxconn" Still Doesn't Work from Huang Yu Yin on 2002-11-12 (squid-users)

From: Huang Yu Yin <huangyuyin@dont-contact.us>
Date: Tue, 12 Nov 2002 16:27:22 +0800 (CST)

Hi,

I've asked this question abt 2 weeks ago, and I
followed the example in FAQ 10.22, but still, I can't
get it working. My squid proxy became worse when I
included the "http_access deny 5CONN ZONE1" line, my
clients can't surf the Internet. But when the line
"http_access deny 5CONN ZONE1" is removed, my client
can access the Internet again, and get as many
connections as they like. Part of my configuration is
shown below :

squid.conf
===============

debug_options ALL,1 33,2 28,9
client_db on
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl CONNECT method CONNECT
acl ZONE1 src 10.3.0.0/255.255.0.0
acl 5CONN maxconn 5
acl BannedSites url_regex
"/usr/local/squid/etc/banned.txt"
http_access deny BannedSites
http_access deny 5CONN ZONE1
http_access allow manager localhost
http_access deny all
icp_access allow all

When I checked on the cache.log (as shown below), the
reason being denied was because "it matched all".

Cache.log
==============
2002/11/12 15:41:00| aclCheck: checking 'http_access
deny all'
2002/11/12 15:41:00| aclMatchAclList: checking all
2002/11/12 15:41:00| aclMatchAcl: checking 'acl all
src 0.0.0.0/0.0.0.0'
2002/11/12 15:41:00| aclMatchIp: '10.3.1.196' found
2002/11/12 15:41:00| aclMatchAclList: returning 1
2002/11/12 15:41:00| aclCheck: match found, returning
0
2002/11/12 15:41:00| aclCheckCallback: answer=0
2002/11/12 15:41:00| The request GET
http://www.finatiq.com/ is DENIED, because it matched
'all'

I really don't why the MAXCONN isn't working here, pls
help. My company has got many power users, so Maxconn
would be useful in my case.

Thank you !

-- Huang Yu Yin <huangyuyin@yahoo.com.sg> wrote:
> > Hi,
> > >
> > > Part of my squid.conf is shown below. The
> > "maxconn"
> > > doesn't work, I can still have as many
> connection
> > to
> > > the Internet as I like :
> > >
> > > -------------------
> > > client_db on
> > > acl all src 0.0.0.0/0.0.0.0
> > > acl ZONE1 src 10.3.0.0/255.255.0.0
> > > acl limit maxconn 3
> > > http_access allow ZONE1 !limit
> > > http_access deny all
> > > ---------------------
> > >
> > > Can someone pls point out my mistake ? Thanks !
>
> > >
> > >
> > >
> __________________________________________________
> > > Do You Yahoo!?
> > > Great flight deals, travel info and prizes!
> > > http://sg.travel.yahoo.com
> > >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Great flight deals, travel info and prizes!
> http://sg.travel.yahoo.com

__________________________________________________
Do You Yahoo!?
Great flight deals, travel info and prizes!
http://sg.travel.yahoo.com
Received on Tue Nov 12 2002 - 01:27:23 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:17 MST