Re: [squid-users] Block Proxy sharing

From: Niti Lohwithee <mr.niti_at_gmail.com>
Date: Thu, 14 Jan 2010 14:16:59 +0700

On Wed, Jan 13, 2010 at 8:27 PM, Kinkie <gkinkie_at_gmail.com> wrote:
>
> On Wed, Jan 13, 2010 at 11:48 AM, Matus UHLAR - fantomas
> <uhlar_at_fantomas.sk> wrote:
> > On 07.01.10 10:18, Niti Lohwithee wrote:
> >> I 'm using Squid stable 2.5 stable 14 running on Linux ES 4 . My
> >> server use NCSA for authentication.
> >
> > that's damn old version...
> >
> >> I have faced a problem about proxy sharing.   Some users have set the
> >> another proxy server--CCproxy-- and point to my proxy.   I can not
> >> prevent it to share using proxy.
> >
> > what kind of problem do you encounter? Why can't your users use
> > intermediarte proxies?
> >
> >> Anyone please give me some advics, How to block it ?
> >
> > you could see what headers do those proxies add to requests and deny all
> > requests containing those headers. Note that users apparently can disable
> > adding of those headers...
>
> If the proxy is authenticated you can set the max_user_ip parameter;
> if it's not the most effective tool is IMO delay pools. Define a
> "sufficient" bandwidth per client IP (e.g. with an high startup
> availability and slow refill). Those who share, will have to share the
> bandwidth, and the user experience will quickly degrade. This will
> give people good incentive not to share "too much".
> Alternatively, just talk to the biggest resource hogs, and remind them
> that whatever happens from their IP address is their responsibility.
> Many will just stop when they know you're onto them.
>
> --
>    /kinkie

Thank you for you good advices

Actually, my squid box has been enabled the max_user_ip parameter. The
concurrent to use the proxy is only 1  So.the users used the CC proxy
to access to my proxy according to my policy.

For the delay pool, I' m afriad that it would be effected to the other
users who use the proxy as unconsistancy used.  Some users may
download for the big file today but they would download the small file
on tomorrow.

Any other advices ?

Regards,
Niti : )
##########################
Received on Thu Jan 14 2010 - 07:17:03 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 14 2010 - 12:00:03 MST