Re: [squid-users] Delay pools problem - SOLVED

From: Augusto Casagrande <augustocasagrande_at_gmail.com>
Date: Thu, 10 Sep 2009 09:07:58 -0300

Thanks Amos and Chris, problem solved.
I've removed the REQUIRED statement, and simplified que expressions
(INFO !GRAL !REST)...
Thank you very much!

2009/9/10 Amos Jeffries <squid3_at_treenet.co.nz>:
> Chris Robertson wrote:
>>
>> Augusto Casagrande wrote:
>>>
>>> Hi everyone.
>>> I'm having delay pools issues.
>>> I've had declared 3 delay pools , and i'had made 3 different groups in
>>> 3 text files, each file contains the name of the user corresponding to
>>> the navegation speed
>>> I'had declared INFO as the highest privilege group, GRAL as standard
>>> navegation group , and REST as restricted navegation group.
>>> My problem , is that apparently my rule is not work, as all the users
>>> ara allowed in the delay_pool 1, and nobody are allowed in the other 2
>>> delay_pools.
>>> I guess the problem is in the delay_access section...?
>>>
>>> My squid.conf section :
>>>
>>> delay_pools 3
>>>
>>> delay_class 1 3
>>> delay_class 2 3
>>> delay_class 3 3
>>>
>>> delay_access 1 allow info !gral !rest
>>>
>>
>> While explicit as it is, this line would be better expressed (and simpler
>> for Squid to parse) as...
>>
>> delay_access 1 allow info
>>
>> ...assuming "info", "gral" and "rest" don't have any overlap.  If there is
>> overlap, the original is fine.
>>
>>> delay_access 1 deny gral rest
>>>
>>
>> This line says deny access to delay pool 1 for the intersection of gral
>> AND rest.
>> Since there are no further delay_access rules for pool 1, there is an
>> implicit "delay_access 1 allow all" after.  What you should have is...
>>
>> delay_access 1 deny all
>>
>>> delay_access 2 allow gral !rest
>>>
>>
>> delay_access 2 allow gral
>>
>>> delay_access 2 deny rest
>>>
>>
>> delay_access 2 deny all
>>
>>> delay_access 3 allow rest
>>> delay_access 3 deny all
>>>
>>> delay_parameters 1 -1/-1 -1/1024000 15000/512000
>>> delay_parameters 2 -1/-1 30000/1024000 7000/512000
>>> delay_parameters 3 -1/-1 30000/1024000 3000/512000
>>>
>>> acl info proxy_auth_regex -i "/etc/squid/info.txt" REQUIRED
>>> acl gral proxy_auth_regex -i "/etc/squid/gral.txt" REQUIRED
>>> acl rest proxy_auth_regex -i "/etc/squid/rest.txt" REQUIRED
>>>
>
> That should be:
>
>  acl ... proxy_auth REQUIRED
>
> or
>  acl ... proxy_auth -i list-of-usernames
>
> or
>  acl ... proxy_auth_regex -i list-of-usernames
>
> Not a combo of the three on one line.
>
> Using "REQUIRED" accepts _any_ valid usernames. It clashes with setting a
> list of specific usernames which are allowed.
>
>>
>> I have to imagine that the delay_parameters and ACLs are defined above the
>> delay_access lines that reference them, as Squid reads the config file in a
>> linear fashion.
>>
>>> Thanks in advice !
>>>
>>
>> Chris
>>
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>  Current Beta Squid 3.1.0.13
>
Received on Thu Sep 10 2009 - 12:13:34 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 10 2009 - 12:00:02 MDT