Re: [squid-users] maxconn to limit user's window on their computer from Henrik Nordstrom on 2003-06-26 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 26 Jun 2003 09:36:16 +0200

On Thursday 26 June 2003 07.16, Aqil wrote:

> Now I want to limit my users to make just a certain
> number of connections, say 1 connection. So I put in
> my squid.conf these lines :

Connections you can limit, but not the number of windows. There is no
real connection between the number of windows and the number of
connections.

You have to allow for at least 4 connections per user plus some. Most
browsers opens up to 4 connections while downloading a single page to
speed up the download of images and other embedded objects. If you do
not allow this then pages will often only download partially, and
navigation may fail.

Some browsers maintain these 4 connections globally for all windows.
Some opens up to 4 connections per active window currently
downloadign a page.

When using this feature you also have to use "half_closed_clients
off". And because there may be slight delays in the communication
between the browser and proxy you need to allow for some slack in the
number of connections i.e. if your policy is to allow 4 connections,
then you need to allow about 6 connections to not falsely deny
requests due to expected networking delays.

The maxconn acl is suitable for blocking "abuse" type use of the proxy
such as download managers opening 100 parallell connections for the
same object in order to steal as much bandwidth as possible and other
similar things. It is also useful to block people running rouge proxy
servers in your network giving access to unauthorized people.

Only to a very limited aspect can you limit the number of browser
windows by the number of connections made via the maxconn acl. If you
really want to limit the number of windows then this has to be done
by software running on the client computer, enforcing a policy that
there may only be a single browser window running on the computer.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Thu Jun 26 2003 - 01:36:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:39 MST