limit number of simultaneous connections to a site

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

limit number of simultaneous connections to a site

mzgmedia
Hello

we want to restrict the access to a site to a certain number of simultanious
connections

we have this config

acl badSite dstdom_regex ^(www\.)?SITE\.[\.a-z]{2,5}
acl badSiteCon maxconn 33
http_access deny badSite badSiteCon


but I don't know if this works
or
it will restrict anybody which has at least 33 connections in total to
different sites and now tries to access the bad site



thank you for your time



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: limit number of simultaneous connections to a site

Amos Jeffries
Administrator
On 18/11/18 12:58 AM, mzgmedia wrote:

> Hello
>
> we want to restrict the access to a site to a certain number of simultanious
> connections
>
> we have this config
>
> acl badSite dstdom_regex ^(www\.)?SITE\.[\.a-z]{2,5}
> acl badSiteCon maxconn 33
> http_access deny badSite badSiteCon
>
>
> but I don't know if this works
> or
> it will restrict anybody which has at least 33 connections in total to
> different sites and now tries to access the bad site
>

The latter. The problem with what you are asking for is that HTTP is a
multiplexed and stateless protocol. Your restriction requires a
statefulness which does not exist.

* Request messages from a client on their connection(s) to Squid may be
for any domain.

 Squid cannot determine what connections will be used for in future.
Only what the current request message is doing, and things like this
client already having N connections total.


* Connections from Squid to a server can (and do) multiplex many
requests from multiple clients for the same domain.

 Use cache_peer to tell Squid that it needs to have certain behaviour on
connections to a particular server. The max-conn=N option of cache_peer
prevents Squid opening more than N connections to that peer. Those N
connections are still shared by all clients requesting from the
domain(s) served by that peer.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users