Time based download restrictions in Squid

Protecting your Linux box

Time based download restrictions in Squid

Postby maiqbal » Wed Aug 30, 2006 1:56 pm

Hi,

I am a newbie with squid so anyone please help with the following situation in mind:

[/code]

###Source ACLs ###
#
acl proxyusers src 192.168.0.2
acl proxyusers src 192.168.0.3
acl proxyusers src 192.168.0.4
acl proxyusers src 192.168.0.5
acl proxyusers src 192.168.0.6
acl proxyusers src 192.168.0.7
acl proxyusers src 192.168.0.8
#
acl downloaders src 192.168.0.11
acl downloaders src 192.168.0.12
acl downloaders src 192.168.0.13
acl downloaders src 192.168.0.14
acl downloaders src 192.168.0.15
#
#
#
#
#### Restrictions ####
#
acl filenames url_regex -i \.mp3$ \.mpeg$ \.mov$ \.asx$ \.wmv$ \.wma$ \.avi$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.wav$
#
#

Code: Select all


Requirements:

1. Proxyusers (acl proxyusers) should not be able to download any of the files in acl filenames

2. Want to allow downloaders to download the files in acl filenames but not in this time (evening 5pm till morning 5am)

3. I want to restrict all user (both proxyusers and downloads) to get an average speed of 4k and should not exceed from that at any time any day

Can someone please help me in this regard?


Regards,

Muhammad Asif Iqbal
maiqbal
Lance Naik
 
Posts: 19
Joined: Fri Sep 03, 2004 11:04 am
WLM: maiqbal24@hotmail.com
Yahoo Messenger: masifiqbal1@yahoo.com
Location: Karachi

Re: Time based download restrictions in Squid

Postby lambda » Wed Aug 30, 2006 6:59 pm

maiqbal wrote:###Source ACLs ###
#
acl proxyusers src 192.168.0.2
acl proxyusers src 192.168.0.3
acl proxyusers src 192.168.0.4
acl proxyusers src 192.168.0.5
acl proxyusers src 192.168.0.6
acl proxyusers src 192.168.0.7
acl proxyusers src 192.168.0.8
#
acl downloaders src 192.168.0.11
acl downloaders src 192.168.0.12
acl downloaders src 192.168.0.13
acl downloaders src 192.168.0.14
acl downloaders src 192.168.0.15

put the proxyusers in a file named /etc/squid/proxyusers.txt or something. do the same with the downloaders (/etc/squid/downloaders.txt). then change the above acls to

Code: Select all

acl proxyusers src "/etc/squid/proxyusers.txt"
acl downloaders src "/etc/squid/downloaders.txt"

it'll be easier to manage that way.
1. Proxyusers (acl proxyusers) should not be able to download any of the files in acl filenames
easily fixed by using

Code: Select all

http_access allow proxyusers !filenames

2. Want to allow downloaders to download the files in acl filenames but not in this time (evening 5pm till morning 5am)
add a time acl (read squid.conf for examples) that matches against 1700-0500, called "evening". and then use

Code: Select all

http_access allow downloaders !evening

3. I want to restrict all user (both proxyusers and downloads) to get an average speed of 4k and should not exceed from that at any time any day
use a delay pool, and add both downloaders and proxyusers to its acl.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Re: Time based download restrictions in Squid

Postby syedali999 » Wed Aug 30, 2006 10:09 pm

Hi Lambda,
impressive way to explain!!! really marvelous!!! :)
Thanks,
Regards


S. Asad Ali Rizvi
===================
Nomado Telecom
http://www.nomado.eu
alex[NoSpam]@nomado.eu
====================
LPI ID: LPI000102069
My blogs:
http://crea8ivefood.blogspot.com
http://actuarialsciencestudies.blogspot.com
syedali999
Battalion Havaldaar Major
 
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Website: http://www.wol.net.pk
WLM: alirizvi@khi.wol.net.pk
Location: Karachi

Postby maiqbal » Thu Aug 31, 2006 11:04 am

Hi lambda,

Thank for the help; you are realy an angel. Can I ask one more thing:

How can I restrict all user to not download more than 5mb per day...? (with all setting in place you told me)

Regards,

Muhammad Asif Iqbal
maiqbal
Lance Naik
 
Posts: 19
Joined: Fri Sep 03, 2004 11:04 am
WLM: maiqbal24@hotmail.com
Yahoo Messenger: masifiqbal1@yahoo.com
Location: Karachi

Postby lambda » Thu Aug 31, 2006 3:06 pm

i don't think so.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 2 guests

cron