Re: [squid-users] Delay pools problem from Amos Jeffries on 2009-09-10 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 10 Sep 2009 22:42:02 +1200

Chris Robertson wrote:
> Augusto Casagrande wrote:
>> Hi everyone.
>> I'm having delay pools issues.
>> I've had declared 3 delay pools , and i'had made 3 different groups in
>> 3 text files, each file contains the name of the user corresponding to
>> the navegation speed
>> I'had declared INFO as the highest privilege group, GRAL as standard
>> navegation group , and REST as restricted navegation group.
>> My problem , is that apparently my rule is not work, as all the users
>> ara allowed in the delay_pool 1, and nobody are allowed in the other 2
>> delay_pools.
>> I guess the problem is in the delay_access section...?
>>
>> My squid.conf section :
>>
>> delay_pools 3
>>
>> delay_class 1 3
>> delay_class 2 3
>> delay_class 3 3
>>
>> delay_access 1 allow info !gral !rest
>>
>
> While explicit as it is, this line would be better expressed (and
> simpler for Squid to parse) as...
>
> delay_access 1 allow info
>
> ...assuming "info", "gral" and "rest" don't have any overlap. If there
> is overlap, the original is fine.
>
>> delay_access 1 deny gral rest
>>
>
> This line says deny access to delay pool 1 for the intersection of gral
> AND rest.
> Since there are no further delay_access rules for pool 1, there is an
> implicit "delay_access 1 allow all" after. What you should have is...
>
> delay_access 1 deny all
>
>> delay_access 2 allow gral !rest
>>
>
> delay_access 2 allow gral
>
>> delay_access 2 deny rest
>>
>
> delay_access 2 deny all
>
>> delay_access 3 allow rest
>> delay_access 3 deny all
>>
>> delay_parameters 1 -1/-1 -1/1024000 15000/512000
>> delay_parameters 2 -1/-1 30000/1024000 7000/512000
>> delay_parameters 3 -1/-1 30000/1024000 3000/512000
>>
>> acl info proxy_auth_regex -i "/etc/squid/info.txt" REQUIRED
>> acl gral proxy_auth_regex -i "/etc/squid/gral.txt" REQUIRED
>> acl rest proxy_auth_regex -i "/etc/squid/rest.txt" REQUIRED
>>

That should be:

acl ... proxy_auth REQUIRED

or
acl ... proxy_auth -i list-of-usernames

or
acl ... proxy_auth_regex -i list-of-usernames

Not a combo of the three on one line.

Using "REQUIRED" accepts _any_ valid usernames. It clashes with setting
a list of specific usernames which are allowed.

>
> I have to imagine that the delay_parameters and ACLs are defined above
> the delay_access lines that reference them, as Squid reads the config
> file in a linear fashion.
>
>> Thanks in advice !
>>
>
> Chris
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13

Received on Thu Sep 10 2009 - 10:42:38 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 10 2009 - 12:00:02 MDT