Discussion:
[squid-users] limit number of simultaneous connections to a site
mzgmedia
2018-11-17 11:58:08 UTC
Hello

we want to restrict the access to a site to a certain number of simultaneous
connections

we have this config

acl badSite dstdom_regex ^(www\.)?SITE\.[\.a-z]{2,5}
acl badSiteCon maxconn 33
http_access deny badSite badSiteCon


but I don't know if this works
or
it will restrict anybody which has at least 33 connections in total to
different sites and now tries to access the bad site



thank you for your time



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
Amos Jeffries
2018-11-18 05:24:36 UTC
Post by mzgmedia
> Hello
> we want to restrict the access to a site to a certain number of simultaneous
> connections
> we have this config
> acl badSite dstdom_regex ^(www\.)?SITE\.[\.a-z]{2,5}
> acl badSiteCon maxconn 33
> http_access deny badSite badSiteCon
> but I don't know if this works
> or
> it will restrict anybody which has at least 33 connections in total to
> different sites and now tries to access the bad site

The latter. The problem with what you are asking for is that HTTP is a
multiplexed and stateless protocol. Your restriction requires a
statefulness which does not exist.

* Request messages from a client on their connection(s) to Squid may be
for any domain.

Squid cannot determine what connections will be used for in future.
Only what the current request message is doing, and things like this
client already having N connections total.


* Connections from Squid to a server can (and do) multiplex many
requests from multiple clients for the same domain.

Use cache_peer to tell Squid that it needs to have certain behaviour on
connections to a particular server. The max-conn=N option of cache_peer
prevents Squid opening more than N connections to that peer. Those N
connections are still shared by all clients requesting from the
domain(s) served by that peer.


Amos
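
The cache_peer approach described in the reply above, shown beside the original rules as an added squid.conf example that is not part of the original thread or written by either poster. The hostname www.example.com, port 80 and the peer name limitedSite are placeholders chosen for illustration, and the fragment assumes plain HTTP requests forwarded by Squid.

```conf
# Added example fragment. www.example.com stands in for the real site and
# "limitedSite" is an arbitrary peer name (both are assumptions).

# Original rules, kept for comparison. maxconn counts the TCP connections
# one client IP has open to Squid, whatever domains they carry, so this
# denies the site to any client that already has more than 33 connections.
#acl badSite dstdom_regex ^(www\.)?SITE\.[\.a-z]{2,5}
#acl badSiteCon maxconn 33
#http_access deny badSite badSiteCon

# Server-side cap: declare the site as a peer and limit the number of
# connections Squid itself opens to it. These 33 connections are shared
# by every client requesting the site.
acl badSite dstdomain www.example.com
cache_peer www.example.com parent 80 0 originserver no-query no-digest max-conn=33 name=limitedSite

# Only requests for the site may be sent to this peer.
cache_peer_access limitedSite allow badSite
cache_peer_access limitedSite deny all

# Keep requests for the site from bypassing the peer by going direct,
# which would not be counted against max-conn.
never_direct allow badSite
```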
