maximum number of connections Squid
Posted by Isaac on Server Fault
Published on 2009-10-27T06:43:55Z
I have a Squid proxy server that controls all internet traffic for my network.
I need a way to stop users from downloading big files (say >50MB) in my network. I banned some famous ports (e.g. torrent) but some downloads are possible by HTTP port. Obviously I cannot ban port 80!
A simple solution is limiting the maximum number of simultaneous connections for each IP (e.g. 3 connections). It's possible in Squid with this config:
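# Clients in the accounts department subnet (a source-address ACL needs the "src" type)
acl ACCOUNTSDEPT src 192.168.5.0/24
# Matches when a client IP has more than 3 connections open
acl limitusercon maxconn 3
http_access deny ACCOUNTSDEPT limitusercon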
But this solution has a really bad impact on web browsing, because any smart browser gets different parts of a website over several simultaneous connections to speed up web browsing. But if we have a maximum number of connections, the browsers will fail to get some parts, and the website will be shown partially and some parts/images/frames will not be shown.
So, can we limit the maximum number of persistent connections? I think this policy will work:
Specify a maximum number of connections that are alive for 10 seconds
But the number of simultaneous connections for every IP is unlimited
But how can we implement this policy with Squid? With which config?
UPDATE:
artifex and Tom Newton offered using a bandwidth-limiting approach to fight against downloaders.
But bandwidth-limiting in Squid has a shortcoming: it's static and cannot dynamically change. So a person has a limited bandwidth no matter how many people are using the internet (maybe nobody!).
Also, this solution cannot help to stop people from downloading. They can still download, but at a lower speed.
But if we find a way to terminate persistent connections (or any connection that is alive for more than a specific time), downloading big files will be almost impossible (there is always some way!).
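As an added example (not part of the original post), the Python script below measures the problem from the proxy's own logs: it flags single replies over the question's 50 MB threshold and also totals bytes per client, which catches a download split into several smaller ranged requests. It assumes Squid's default native access.log layout; the sample lines, addresses and URLs are constructed.

```python
from collections import defaultdict

SIZE_LIMIT = 50 * 1024 * 1024  # the 50 MB threshold from the question

# Constructed sample in Squid's native access.log layout:
# time elapsed_ms client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1256625835.101 84 192.168.5.10 TCP_MISS/200 18342 GET http://example.com/index.html - DIRECT/192.0.2.10 text/html
1256625835.350 41 192.168.5.10 TCP_MISS/200 52110 GET http://example.com/logo.png - DIRECT/192.0.2.10 image/png
1256626300.772 412000 192.168.5.23 TCP_MISS/200 62914560 GET http://example.com/big.iso - DIRECT/192.0.2.10 application/octet-stream
1256626400.010 150000 192.168.5.31 TCP_MISS/206 20971520 GET http://example.com/video.avi - DIRECT/192.0.2.10 video/x-msvideo
1256626401.120 151000 192.168.5.31 TCP_MISS/206 20971520 GET http://example.com/video.avi - DIRECT/192.0.2.10 video/x-msvideo
1256626402.480 152000 192.168.5.31 TCP_MISS/206 20971520 GET http://example.com/video.avi - DIRECT/192.0.2.10 video/x-msvideo
1256626500.000 12 192.168.5.10
"""


def parse_line(line):
    """Parse one native-format line; return None for truncated or garbled lines."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        elapsed_ms, size = int(parts[1]), int(parts[4])
    except ValueError:
        return None
    return {"client": parts[2], "elapsed_ms": elapsed_ms, "bytes": size, "url": parts[6]}


def entries(log_text):
    """All parseable entries in the log text."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def large_transfers(log_text, limit=SIZE_LIMIT):
    """Single replies bigger than the limit (one long-lived connection)."""
    return [e for e in entries(log_text) if e["bytes"] > limit]


def heavy_clients(log_text, limit=SIZE_LIMIT):
    """Clients whose total bytes exceed the limit, which also catches a
    download split into several ranged requests that are each under it."""
    totals = defaultdict(int)
    for e in entries(log_text):
        totals[e["client"]] += e["bytes"]
    return {c: n for c, n in totals.items() if n > limit}


if __name__ == "__main__":
    for e in large_transfers(SAMPLE_LOG):
        print("large reply:", e["client"], e["url"], e["bytes"], "bytes", e["elapsed_ms"], "ms")
    for client, total in sorted(heavy_clients(SAMPLE_LOG).items()):
        print("heavy client:", client, total, "bytes")
```
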
© Server Fault or respective owner