Re: [squid-users] Help configuring Squid with delay pools

From: Luis Daniel Lucio Quiroz <luis.daniel.lucio_at_gmail.com>
Date: Tue, 15 Jun 2010 18:28:28 -0500

did you read
http://wiki.squid-cache.org/Features/DelayPools
??
On Tuesday 15 June 2010 14:42:13, Jorge Perez wrote:
> Hello, we are implementing a squid proxy server in my office.
>
> The principal idea is to limit bandwidth using delay pools and also block
> some websites.
>
> We have made our config and it's working, but we don't know if everything is
> correct, especially in the delay pools part.
>
> **Introduction:
>
> We have dedicated broadband with :
> 4MB FOR INTERNATIONAL TRAFFIC
> 100MB FOR NATIONAL
> PROXY: 192.168.169.3
> GATEWAY: 192.168.169.2
> Users: like 150 daily
>
> **We want to divide our internal lan in 5 groups with the following rules
> PER USER.
>
> GROUP 1: normales from 192.168.169.30 to 192.168.169.129
>
> -If a user exceeds 10mb when downloading a file limit to 10kb of download
> speed.
>
> GROUP 2: tecnicos from 192.168.169.130 to 192.168.169.149
>
> -File bigger than 50mb, limit to 30kb
>
> GROUP 3: administrador 192.168.169.150 to 192.168.169.189
>
> -File bigger than 100mb limit to 30kb
>
> GROUP 4: estudio 192.168.169.190 to 192.168.169.219
>
> -No downloads for files or very slow, but freely web surfing including
> youtube.
>
> GROUP 5: gerencia 192.168.169.220 to 192.168.169.252
>
> -Everything unlimited
>
> **We want to block the following sites from 192.168.169.1 to
> 192.168.169.129 :
>
> BLOCK:
> .facebook.com .twitter.com .doubleclick.com .fotolog.com
> .warez-bb.org .fotolog.cl .chilewarez.org .rapidshare.com .megaupload.com
> .rapidshare.de .mediafire.com .hotfile.com .myspace.com .fotolog.terra.cl
> .fotologs.com .portalnet.cl .taringa.net .antro.cl .chilewarez.cl
> .chilebt.com .shared.cl .comparte.cl .mininova.org .torrentz.com
> .flickr.com .flicker.net .keepvid.com .kotteshiro.com .no-ip.org
> .no-ip.com .redtube.com .xnxx.com .muyzorras.com .bananacorp.cl
> .orgasmatrix.com .depositfiles.com
>
> **From: 192.168.169.130 to 192.168.169.149
> BLOCK: Same as above unless facebook.com
>
> **Deny from 192.168.169.1 to 192.168.169.29 DOWNLOADING THE FOLLOWING
> EXTENSIONS: .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg
> .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
>
> We don't know if the rules per group are possible with the bandwidth we
> have, also everyone surfs a lot youtube, we need that to not eat so much
> bandwidth.
>
> Here is our current squid.conf
>
> http_port 192.168.169.3:3128 transparent
> cache_dir ufs /usr/local/squid/var/cache 250 16 256
> cache_effective_user squid
> cache_effective_group squid
> access_log /usr/local/squid/var/logs/access.log squid
> ################################
> acl localnet src 192.168.169.0/255.255.255.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #### BLOCKED SITES #####
> acl restobb src 192.168.169.1-192.168.169.129
> acl sucky_urls dstdomain .facebook.com .twitter.com .doubleclick.com .fotolog.com .warez-bb.org .fotolog.cl .chilewarez.org .rapidshare.com .megaupload.com .rapidshare.de .medi$
> deny_info http://www.xxxxxxx.xx/error.html sucky_urls
> http_access deny restobb sucky_urls
> ######################## NO DOWNLOADS #####
> acl resto src 192.168.169.1-192.168.169.29/32
> acl descargas_negadas url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
> deny_info http://www.xxxxxxxxxx.xx/error.html descargas_negadas
> http_access deny resto descargas_negadas
> ######################## ALMOST BLOCKED SITES ###############
> acl restobb2 src 192.168.169.130-192.168.169.149
> acl sucky_urls2 dstdomain .twitter.com .doubleclick.com .fotolog.com .warez-bb.org .fotolog.cl .chilewarez.org .rapidshare.com .megaupload.com .rapidshare.de .mediafire.com .de$
> deny_info http://www.xxxxxxxx.xx/error.html sucky_urls2
> http_access deny restobb2 sucky_urls2
> ########################
> http_access allow CONNECT SSL_ports
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> ########################
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> ##############################
> http_reply_access allow localnet
> http_reply_access deny all
> #############################
> # DOWNLOAD RULES
> acl normales src 192.168.169.30-192.168.169.129/32
> acl tecnicos src 192.168.169.130-192.168.169.149/32
> acl administrador src 192.168.169.150-192.168.169.189/32
> acl estudio src 192.168.169.190-192.168.169.219/32
> acl gerencia src 192.168.169.220-192.168.169.252/32
> acl descargas url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
>
> delay_pools 5
>
> delay_class 1 1
> delay_parameters 1 10240/10485760 10240/10485760
> delay_access 1 allow normales descargas
> delay_access 1 deny all
>
> delay_class 2 1
> delay_parameters 2 30720/104857600 30720/104857600
> delay_access 2 allow tecnicos descargas
> delay_access 2 deny all
>
> delay_class 3 1
> delay_parameters 3 30720/104857600 30720/104857600
> delay_access 3 allow administrador descargas
> delay_access 3 deny all
>
> delay_class 4 1
> delay_parameters 4 -1/-1 -1/-1
> delay_access 4 allow gerencia descargas
> delay_access 4 deny all
>
> delay_class 5 1
> delay_parameters 5 10240/10240 10240/10240
> delay_access 5 allow estudio descargas
> delay_access 5 deny all
>
> I hope that you guys can help us out to achieve what we are looking
> for.
>
> You can see this more clearly at
> http://www.linuxquestions.org/questions/showthread.php?p=4004534#post4004534
Received on Tue Jun 15 2010 - 23:27:30 MDT
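
Added example (not part of the original message, and not configuration from the poster or the Squid project): one way to express the per-user limits listed in the quoted message. It assumes class 2 delay pools and swaps the unanchored `url_regex` for an anchored `urlpath_regex`; the ACL name `descargas_path` is hypothetical.

```conf
# Added example. Class 2 pools: one aggregate bucket plus one bucket per
# client host (last octet of the IPv4 address). Class 1, used in the quoted
# config, has only the shared aggregate bucket and takes one restore/max pair.
acl normales      src 192.168.169.30-192.168.169.129
acl tecnicos      src 192.168.169.130-192.168.169.149
acl administrador src 192.168.169.150-192.168.169.189
acl estudio       src 192.168.169.190-192.168.169.219

# descargas_path is a hypothetical ACL name. The dot is escaped and the
# extension anchored to the end of the URL path (optional query string), so a
# path that merely contains "exe" or "rm" is not treated as a download.
# ".tar.gz" is covered by "gz".
acl descargas_path urlpath_regex -i \.(exe|mp3|vqf|gz|rpm|zip|rar|avi|mpeg|mpe|mpg|qt|ram|rm|iso|raw|wav|mov)(\?.*)?$

delay_pools 4

# delay_parameters <pool> <aggregate> <individual>; each is restore/max,
# restore in bytes per second, max in bytes. -1/-1 means no limit.
# The individual bucket is per host, not per file: once a host has used up
# its burst, every matching transfer runs at the restore rate until it refills.

# normales: 10 MB burst, then 10 KB/s
delay_class 1 2
delay_parameters 1 -1/-1 10240/10485760
delay_access 1 allow normales descargas_path
delay_access 1 deny all

# tecnicos: 50 MB burst, then 30 KB/s
delay_class 2 2
delay_parameters 2 -1/-1 30720/52428800
delay_access 2 allow tecnicos descargas_path
delay_access 2 deny all

# administrador: 100 MB burst, then 30 KB/s
delay_class 3 2
delay_parameters 3 -1/-1 30720/104857600
delay_access 3 allow administrador descargas_path
delay_access 3 deny all

# estudio: downloads always slow, 10 KB/s with a one-second bucket
delay_class 4 2
delay_parameters 4 -1/-1 10240/10240
delay_access 4 allow estudio descargas_path
delay_access 4 deny all

# gerencia is matched by no delay_access rule, so it is not delayed.
```

Running `squid -k parse` after editing checks the syntax before the proxy is reloaded.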

This archive was generated by hypermail 2.2.0 : Wed Jun 16 2010 - 12:00:03 MDT