[squid-users] ACLs - making up a multiple match requirement. (AND like)

From: Greg Whynott <greg.whynott_at_gmail.com>
Date: Thu, 01 Dec 2011 11:43:18 -0500

looking for guidance on creating delay pools, something I've never done
before and because its a production system, I'd like to minimize my
down time or the amount of time i'd be here if I have to come in on the
weekend to do it.

the intent is to limit bandwidth to a list of external networks, either
by IP or URL regex, to 1000kb/sec for the entire studio during work
hours,, _except_ for a list/group of excluded hosts inside; which will
have unrestricted access to the same external hosts.

i'm attempting to limit youtube bandwidth during work hours for a
particular inside network, whist the other inside networks have full
bandwidth, with squid. At the same time, the 'limited' network has
full bandwidth to other non youtube sites. it appears i'd need some
soft of AND logic (if src IP is youtube and dest is LAN-A then..).

  I achieved this on the router using limiters/queues but its appears
this won't work going forward, with the new 'exclusion' requirement
management has asked me to implement. The source or destination
always appears to be the squid server itself from the internet router's
perspective. which is why i'm considering squid now.

I looked around the documents and how-tos but they all seem to use ACLs
which reference a set value, without exclusions.

in my perfect world, it would look something like this..(i know this
syntax probably doesn't exist.. just an example of how i think it would
look if it did..)

acl youtubelimit dstdomain .youtube.com
acl networkA youtubelimit
acl networkB !youtubelimit

where youtubelimit would be a delay pool, I guess...

I guess the short question would be, is there a method to set up acls
with multiple critera (an AND like ACL)?
if src ip = and dst ip = then use limiter.
Received on Thu Dec 01 2011 - 16:43:27 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 02 2011 - 12:00:01 MST