Re: [squid-users] Has anyone heard about this option??

From: Eliezer Croitoru <>
Date: Thu, 10 Oct 2013 00:57:55 +0300

So this rule:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -m hashlimit \
         --hashlimit-above 100/second --hashlimit-burst 100 \
         --hashlimit-mode dstport --hashlimit-name "rate limit 80" \
         -j REDIRECT --to-ports $AbuseServerTriggerAndNotifyPage

Should do the trick..
But as Amos wrote somewhere, if my memory is right about it..
The application level has some benefits..
While external_acl_type is very tempting, an eCAP would be the better
choice for performance reasons.
ICAP has the upper hand while allowing concurrency by default.

So external_acl_type is nice and helps a lot but it would add some
over-blocking... if I remember right.
I have tried to read the eCAP docs in the past to make something like
the mentioned option available, but there is a place for more eCAP
examples for specific tasks to make more people use it.

Who is the expert on eCAP?


On 10/10/2013 12:38 AM, Alex Rousskov wrote:
>> How hard would it be to add to a forward proxy the option to send an error
>> page to a runtime syn\accept\other limit?
> If client usage information is available somewhere, then one can use an
> external_acl_type or eCAP/ICAP to block or redirect that client. No new
> options are needed.
> Cheers,
> Alex.
Received on Wed Oct 09 2013 - 21:58:09 MDT
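
Added example, not part of the original thread or of Squid itself: a minimal external_acl_type helper that implements the "block or redirect that client" idea above by counting requests per client address, using the 100/second figure from the iptables rule. The helper path, ACL names and abuse-page URL in the docstring are placeholders, and the sliding-window counter is one assumed way to obtain the "client usage information".

```python
#!/usr/bin/env python3
"""Per-client request-rate helper for Squid's external_acl_type (added example).

Assumed squid.conf wiring; helper path, ACL names and URL are placeholders:
  external_acl_type ratecheck ttl=0 negative_ttl=0 concurrency=10 %SRC /usr/local/bin/rate_helper.py
  acl over_limit external ratecheck
  deny_info http://abuse.example.net/notify.html over_limit
  http_access deny over_limit
"""
import sys
import time
from collections import defaultdict, deque


class RateTracker:
    """Sliding-window count of requests per client address."""

    def __init__(self, limit=100, window=1.0):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def over_limit(self, client, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[client]
        while q and now - q[0] >= self.window:   # drop hits outside the window
            q.popleft()
        q.append(now)
        return len(q) > self.limit


def handle_line(tracker, line, now=None):
    """'<channel-id> <client-ip>' -> '<channel-id> OK' if over the limit, else ERR."""
    parts = line.split()
    if len(parts) != 2:                 # malformed request: never match
        return f"{parts[0]} ERR" if parts else "ERR"
    channel, client = parts
    verdict = "OK" if tracker.over_limit(client, now) else "ERR"
    return f"{channel} {verdict}"


def main():
    tracker = RateTracker(limit=100, window=1.0)   # mirrors 100/second in the rule
    for line in sys.stdin:
        sys.stdout.write(handle_line(tracker, line) + "\n")
        sys.stdout.flush()              # Squid blocks on each reply; do not buffer


if __name__ == "__main__":
    main()
```

OK means the ACL matches, so an over-limit client hits the http_access deny line and is sent to the deny_info page. State for idle clients is never evicted in this example, so a long-running deployment would need to prune it.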
