Friday, July 9

Squid delay pools How to | User IP Browser Window based bandwidth limit

How to configure squid delay pools

User based bandwidth Restriction, browser window based limit Examples.

Delay pools are used for limiting the bandwidth of web traffic. We can restrict bandwidth based on source IP address, destination IP address, source domain, and destination domain.

1) URL, keyword based bandwidth restriction

This will limit the bandwidth for URLs matching the following keywords: video.domain.com, mail, cricket

acl group1 url_regex -i video.domain.com mail cricket
delay_pools 1
delay_class 1 1

# 256 Kbit/s fill rate, 1024 Kbit/s reserve
delay_parameters 1 32000/128000
delay_access 1 allow group1

2) IP Based Restriction

The configuration below restricts bandwidth for the IP range 10.5.1.1-10.5.1.255 and allows full bandwidth for everyone else.

acl ipgroup src 10.5.1.1-10.5.1.255/32
delay_pools 1
delay_class 1 1

# 256 Kbit/s fill rate, 1024 Kbit/s reserve
delay_parameters 1 32000/128000
delay_access 1 allow ipgroup
delay_access 1 deny all

3) User group based restriction

Restrict bandwidth for user1, user2 and user3

acl restuser proxy_auth user1 user2 user3
delay_pools 1
delay_class 1 1

# 256 Kbit/s fill rate, 1024 Kbit/s reserve
delay_parameters 1 32000/128000
delay_access 1 allow restuser
delay_access 1 deny all

4) Time based bandwidth limit

For time based bandwidth limiting, use the ACLs below
acl Night_time time SMTWHFA 20:00-24:00
acl Morning_time time SMTWHFA 00:00-08:30

Delay Class

The class of a delay pool is defined using this tag. There must be exactly one delay_class line for each delay pool. There are five categories of delay classes.

class 1     Everything is limited by a single aggregate bucket.
class 2     Everything is limited by a single aggregate bucket as well as an "individual" bucket chosen from bits 25 through 32 of the IP address.
class 3     Everything is limited by a single aggregate bucket as well as a "network" bucket chosen from bits 17 through 24 of the IP address and a "individual" bucket chosen from bits 17 through 32 of the IP address.
class 4     Everything in a class 3 delay pool, with an additional limit on a per user basis. This only takes effect if the username is established in advance - by forcing authentication in your http_access rules.
class 5     Requests are grouped according to their tag.

5) Limiting bandwidth usage both overall and per-user

acl all src all
delay_pools 1
# delay class 2
delay_class 1 2
# overall speed (1 Mbit/s = 1000/8*1000 = 125000 bytes/s) and the per-IP speed (25000 bytes/s)
delay_parameters 1 125000/125000 25000/25000
delay_access 1 allow all
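
A simplified token-bucket model of the class 2 pool in example 5, added here as an illustration (it is not Squid's code and not part of the original post). It assumes every client downloads flat out and that buckets start full; the function names and client addresses are made up for the example.

```python
import ipaddress

class Bucket:
    """One delay-pool bucket: refills `restore` bytes/s, holds at most `maximum`."""
    def __init__(self, restore, maximum):
        self.restore, self.maximum = restore, maximum
        self.level = maximum  # model assumption: buckets start full

    def refill(self):
        self.level = min(self.maximum, self.level + self.restore)

def individual_key(ip):
    """Class 2 picks the individual bucket from bits 25-32, i.e. the last octet."""
    return int(ipaddress.IPv4Address(ip)) & 0xFF

def simulate_class2(clients, aggregate, individual, seconds, chunk=500):
    """Average bytes/s per client IP when all clients download at full speed.

    aggregate and individual are (restore, max) pairs, as in delay_parameters.
    """
    agg = Bucket(*aggregate)
    per_host = {individual_key(ip): Bucket(*individual) for ip in clients}
    sent = {ip: 0 for ip in clients}
    for _ in range(seconds):
        progress = True
        while progress:  # round-robin in small chunks until a bucket runs dry
            progress = False
            for ip in clients:
                bucket = per_host[individual_key(ip)]
                n = min(chunk, agg.level, bucket.level)
                if n > 0:
                    agg.level -= n
                    bucket.level -= n
                    sent[ip] += n
                    progress = True
        agg.refill()
        for bucket in per_host.values():
            bucket.refill()
    return {ip: sent[ip] // seconds for ip in clients}

if __name__ == "__main__":
    # Constructed client lists; the parameters are those of example 5.
    params = dict(aggregate=(125000, 125000), individual=(25000, 25000), seconds=10)
    print(simulate_class2(["10.5.1.%d" % i for i in range(1, 4)], **params))
    print(simulate_class2(["10.5.1.%d" % i for i in range(1, 11)], **params))
    print(simulate_class2(["10.5.1.7", "10.5.2.7"], **params))
```

With three clients each one reaches the 25000 bytes/s per-IP limit; with ten, the 125000 bytes/s aggregate is the bottleneck and each gets 12500. The last call shows two hosts in different /24 networks with the same final octet sharing one individual bucket, which is the case class 3 exists for.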

7 comments :

  1. Hi.... can you help me to configure...I have 1 mbps connection ..I want to allocate full bandwidth for 1 computer ...remaining users need only 256kbps ...how can I configure this with my squid proxy server.

    tomjoy.pala@gmail.com

  2. it controls only web traffic.. what when someone downloads from torrent?

    niyati277@gmail.com

    1. Niyati,
      First you need to think about why the users are allowed to download torrents. Secondly, you have to block it in squid and in the firewall; I think squid alone is not enough...

  3. In our institute, as a network administrator, I am using Squid with delay pools, which controls the speed of web traffic. If I allow only 80 (http), 443 (https) using the firewall, advanced torrent users use these ports for torrent. I think even squid+firewall can't stop torrent. We don't want to block torrent (good files are also shared over torrent, e.g. Fedora), just limit its speed. Any idea please?

  4. sudo iptables -A INPUT -s 192.168.0.0/12 -m connlimit --connlimit-above 100 -j DROP

    restricts the number of simultaneous connections

    may be used to disturb (indirectly control) the torrent working clients

  5. How does it work if I use curl or wget from the same machine where squid is configured? [I mean I am browsing from the same server]
