[squid-users] delay_pool and external_acl problem from Mateusz Kamiński on 2012-07-03 (squid-users)

From: Mateusz Kamiński <mateusz_at_kaminscy.biz>
Date: Tue, 3 Jul 2012 16:03:19 +0200

Hello,
I am trying to build squid configuration but i fail with delay pools
for external_acl's. I am running squid for multiple ip addresses and I
have authentication per src ip or user/pass. I try to do delay_pool
configuration for src->dst pair to limit transfer speed per second. I
am using ip_user_check plugin for it and it seems it works but i
cannot see delay. Here is part of my config:

#delayed clients
external_acl_type ip_delay2 ttl=30 negative_ttl=30 %SRC %DST
/usr/local/squid/libexec/ip_user_check -f
/usr/local/squid/etc/delay.conf
acl delay_acl external ip_delay2
http_reply_access deny delay_acl !delay_acl
delay_pools 1
delay_class 1 1
delay_parameters 1 50/50
delay_access 1 allow delay_acl
delay_access 1 deny all
#http_access deny delay_acl

#src + squid ip authentification
external_acl_type src_user ttl=300 negative_ttl=300 %MYADDR %SRC
/usr/local/squid/libexec/ip_user_check -f
/usr/local/squid/etc/src.conf
acl src_users external src_user %MYADDR %SRC
http_access allow src_users

#user/pass auth
auth_param basic program /usr/local/squid/libexec/ncsa_auth
/usr/local/squid/etc/squid.pass
auth_param basic children 2
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
http_access deny !ncsa_users

#checking if user from above can access this squid ip
external_acl_type ip_user ttl=300 negative_ttl=300 %MYADDR %LOGIN
/usr/local/squid/libexec/ip_user_check -f /usr/local/squid/etc/ip.conf
acl ip_users external ip_user %MYADDR %LOGIN
http_access deny !ip_users

In debug i can see that when i am trying to access %SRC -> %DST which
matches my delay.conf file delay_acl returns 1. But i don't see any
download slow down (i put there 50/50 to really see the limitation).
But if i uncomment line #http_access deny delay_acl - request is
denied - so i can verify that delay_acl works fine. Where is my
mistake?
I tried also to change delay_acl for normal (not external one) with :
acl delay_acl src my_ip , and for this configuration delay_pools
works fine limiting transfer speed. So it seems there is a problem
with external_acl and delay_pool pair...

-- 
Regards,
Mateusz Kamiński

Received on Tue Jul 03 2012 - 14:03:26 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 04 2012 - 12:00:02 MDT