Re: [squid-users] delay_access line

From: Dayo Adewunmi <contactdayo_at_gmail.com>
Date: Mon, 10 Aug 2009 21:15:35 +0100

Amos Jeffries wrote:
> On Sun, 09 Aug 2009 15:03:10 +0100, Dayo Adewunmi <contactdayo_at_gmail.com>
> wrote:
>
>> Amos Jeffries wrote:
>>
>>> Dayo Adewunmi wrote:
>>>
>>>> Amos Jeffries wrote:
>>>>
>>>>> Dayo Adewunmi wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> Is this a valid config line?
>>>>>>
>>>>>> delay_access 6 allow lan-students magic_words url_words
>>>>>>
>>>>>>
>>>>> Maybe.
>>>>> Are "lan-students", "magic_words" and "url_words" the names of
>>>>> defined ACL?
>>>>>
>>>>>
>>>>>> Or do I need one for each acl?
>>>>>>
>>>>> You imply that they are, which makes the answer to the first
>>>>> question yes. And the second question:
>>>>>
>>>>> maybe yes, maybe no.
>>>>>
>>>>> Since question 2 requires that we are psychic and can understand
>>>>> both what you intend to do with that single line and what the rest
>>>>> of your configuration looks like. There is no way we can do any
>>>>> better answers.
>>>>>
>>>>> Amos
>>>>>
>>>> Sorry about that. Yes, the three are ACLs. lan-students is a /24 IP
>>>> range
>>>>
>>>> acl magic_words url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip
>>>> .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
>>>>
>>>> acl url_words url_regex -i ictp
>>>>
>>> Um, yeas those really are "words", with regex like that they can
>>> appear anywhere in the URL at all.
>>>
>>> For example www.prettyavians.com will match magic_words, as will
>>> example.com/drawings/index.html and
>>> http://google.com/search?q=foo&ts=asuhihvrpmsvsd
>>>
>>>
>>>> This is the complete delay pool definition for these ACLs:
>>>>
>>>> delay_class 6 3
>>>> delay_parameters 6 800/4000 1000/1000 600/800
>>>> delay_access 6 allow lan-students magic_words url_words
>>>> delay_access 6 deny all
>>>>
>>>> I want lan-students to never use more than 4000bytes of my bandwidth,
>>>> and for the same
>>>> to apply to users (including those in a different delay pool) who
>>>> download .mp3s, .zips, or
>>>> use FTP to have this same restriction. This 4000bytes limit should
>>>> also apply to those who
>>>> access websites with 'ictp' in the URL.
>>>> So, basically, any user who downloads mp3s and such, use FTP,
>>>> navigates to ictp domains,
>>>> should have their requests handled by the 6th delay pool: 800/4000
>>>> 1000/1000 600/800, i.e.
>>>> actually 600bytes refresh/800bytes max.
>>>>
>>>> Dayo
>>>>
>>> Take what you just explained and write your access lines that way...
>>>
>>> (delay lan-students)
>>> delay_access 6 allow lan-student
>>>
>>> (or anyone using FTP)
>>> acl ftp proto FTP
>>> delay_access 6 allow FTP
>>>
>>> (or anyone downloading .mp3s etc)
>>> acl bad_downloads url_regex -i \.mp3(\?.*)$
>>> delay_access 6 allow bad_downloads
>>>
>>> (or any URL with ictp in it)
>>> delay_access 6 allow url_words
>>>
>>> (but thats all)
>>> delay_access 6 deny all
>>>
>>>
>>> Note the regex I use above to match .mp3 file extensions. With all
>>> extra code characters it will only match at the end of a URL file name.
>>>
>>> Amos
>>>
>> Would the below delay pool definition work?
>>
>
> No. The regex is not valid. see below.
>
>
>> Is there a
>> difference/advantage of putting each
>> ACL in its own line, or is it all the same?
>>
>
> Yes there is a difference.
> http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-57610c67cac987182f6055118dd6d29e1ccd4445
> All the items listed in an ACL name are OR'd together. (any _one_ may
> match)
> All items on the same *_access line are AND'd together. (_all_ must match)
>
>
>
>> acl bad_downloads url_regex -i
>>
>>
> [.mp3$|.exe$|.mp3$|.vqf$|.tar.gz$|.gz$|.rpm$|.zip$|.rar$|.avi$|.mpeg$|.mpe$|.mpg$|.qt$|.ram$|.rm
>
>> $|.iso$|.raw$|.wav$]
>>
>
> [] means any single character between.
> meaning your regex may as well be written [.mp3$exvqftarpimsow|] and
> matches every URL possible.
>
> What I think you meant is:
> acl bad_downloads url_regex -i
> \.(mp(3|g|eg?)|exe|vqf|.gz|rpm|zip|avi|qt|ra?m|iso|raw|wav)(\?.*)$
>
>
>> acl ftp_downloads proto FTP
>>
>> delay_class 6 3
>> delay_parameters 6 800/4000 1000/1000 600/800
>> delay_access 6 allow lan-students bad_downloads ftp_downloads
>>
> lan-students
>
> Will block the bad word files only if being downloaded via FTP by a
> student.
>
> Student downloading via HTTP will be non-delayed, any people who are not
> student will be non-delayed, any FTP access which is not a bad download
> will be non-delayed.
>
>
>> delay_access 6 deny all
>>
>> Dayo
>>
>
> Amos
>
>
Thank you, Amos. You've been a huge help with this! :-)

Dayo
Received on Mon Aug 10 2009 - 20:16:06 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 11 2009 - 12:00:02 MDT