[squid-users] Client bypassing delay pool restrictions

From: RM <bearmeat_at_gmail.com>
Date: Sun, 14 Nov 2010 23:05:07 -0800

Hello all,

I am running Squid Cache: Version 2.6.STABLE21 on CentOS 5.5 and have
been using delay pools to limit clients' bandwidth usage. Here is the
delay pool section and related ACL of the squid.conf file. I have
included the entire squid.conf at the end of the message:

acl all src
delay_pools 1
delay_class 1 1
delay_parameters 1 131072/131072
delay_access 1 allow all

I have used the above delay pool configuration countless times
previously and I did not have any issue but for some reason there is a
client that is able to bypass the delay pool bandwidth restriction and
transfter at rates of 5Mbps+.

Any help would greatly be appreciated.

Thanks in advance!

Ron M.

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 1 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 1 MB
maximum_object_size_in_memory 50 KB
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 5 16 256
access_log /var/log/squid/access.log squid
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 2
auth_param basic realm Password Protected Area
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive on
pid_filename /var/run/squid.pid
hosts_file /etc/hosts
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
half_closed_clients off
persistent_request_timeout 0 seconds
acl ip0 myip
acl ip1 myip
acl pwauth proxy_auth REQUIRED
acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl Safe_ports port 80 443
acl blocked_urls dstdomain "/etc/squid/blocked_urls"
acl blocked_regex url_regex "/etc/squid/blocked_regex"
http_access deny blocked_urls
http_access deny blocked_regex
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !Safe_ports
http_access allow pwauth
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
tcp_outgoing_address ip0
tcp_outgoing_address ip1
logfile_rotate 10
memory_pools off
forwarded_for off
log_icp_queries off
client_db off
buffered_logs on
coredump_dir /var/spool/squid
delay_pools 1
delay_class 1 1
delay_parameters 1 131072/131072
delay_access 1 allow all
Received on Mon Nov 15 2010 - 07:05:09 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 15 2010 - 12:00:02 MST