Ok, I can limit downloads, but this is not ths
solution, this is just a backdoor way out, there
should be more control over client sessions, A GUI
interface or command line utility, that can alter
individual sessions.
There are certain java aplications that are embeded,
and for them using socks it not possible, they use
HTTP, more over certain XML applications work in the
same manner.
http://www-svca.mercuryinteractive.com/products/testdirector
I would like to put my head in the source and i guess
i would not have to do much, since squid logs every
session and every request.
--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> ons 2003-06-25 klockan 13.38 skrev Mohsin Khan:
>
> > Well ppl True, but there are certain
> > limitations, if give squid a HUP signal or restart
> it,
> > it will not only close all the download sessions,
> but
> > there are certain java applications that run
> through
> > browsers and well they maintain login sessions,
> and
> > once squid is closed there session is closed as
> well
> > and they have to download the API's again, and
> > relogin.
>
> A HUP does not close any sessions. A restart does.
>
> A JAVA applet using HTTP should not notice the
> restart of the proxy,
> unless if it is actively fetching something at the
> time the proxy is
> restarted. Sessions is a business between the applet
> and the web server,
> not actively involving the proxy.
>
> If you have an applet using the proxy as a tunnel
> via the CONNECT method
> to reach some server application then you indeed
> have this problem, but
> only because you are using the HTTP proxy for things
> it is not intended
> to be used for (for such purposes a SOCKS proxy
> should be used).
>
> > Secondly in my enviroment i can not restrict the
> bandwidth,
> > its just that users are educated to not to
> download like this,
> > but if some one do than there must be so
> accountability.
>
> Accontability you have. The session is logged when
> it finishes, and
> running sessions is visible in the cachemgr
> interface.
>
> Why can you not restrict bandwidth? If you already
> have the policy that
> users must not download like this, why not make a
> rule which denies them
> to do so? It is very easy to do in Squid without
> limiting the speed of
> normal browsing.
>
> What you do not have in Squid is the possibility to
> actively terminate
> unwanted sessions. But if nothing else a temporary
> firewall rule (both
> Linux and FreeBSD have integrated firewalls) can be
> used to block a
> download once the session is identified and you can
> not reach the user
> to ask them to stop what they are doing.
>
> Adding a function natively to Squid to selectively
> terminate sessions is
> possible, but requires a bit of coding as it is not
> a function which
> exists today.
>
> Regards
> Henrik
>
>
> --
> Donations welcome if you consider my Free Squid
> support helpful.
>
https://www.paypal.com/xclick/business=hno%40squid-cache.org
>
> Please consult the Squid FAQ and other available
> documentation before
> asking Squid questions, and use the squid-users
> mailing-list when no
> answer can be found. Private support questions is
> only answered
> for a fee or as part of a commercial Squid support
> contract.
>
> If you need commercial Squid support or cost
> effective Squid and
> firewall appliances please refer to MARA Systems AB,
> Sweden
> http://www.marasystems.com/, info@marasystems.com
>
=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )
>>>Happy is the one who can smile<<<
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
Received on Wed Jun 25 2003 - 09:59:53 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:38 MST