reply_body_max_size question

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

reply_body_max_size question

Danny-2
I am running Debian 8 with Squid3 installed (transparent). However, I would like to know a little more about the "reply_body_max_size" directive. I have read quite a bit about it but none of the discussions on the net fits my criteria ...
(Oh yes, squidGuard is also running around my server somewhere doing what it is supposed to do ... I hope ... )

It is a home setup with the Debian box serving DHCP IP's over wlan0 (which all devices in the house connect to for internet access). 9 laptops, 4 PC's, 7 tablets and 9 SmartPhones (and that is only the kid's stuff fighting for bandwidth supremacy ... ;) ) ... We are all on the same subnet ...

The problem I have (as with most parents) is to limit the kid's download sizes from all over the net. Where I am we have capped internet and have to pay for more cap.
Currently I get 20GB of data every month and by the end of the month I have purchased in excess of 100GB throughout the month which gets very expensive.
My son plays games on his PS3 and some of the games (Call of Duty, I think) one player can download another player's in-game recorded video (or something like that) and that eats up the cap.

Currently my "reply_body_max_size" is set to 20 MB in my efforts to curb downloads and save some bandwidth.
However, whenever myself or the wife wants to download or visit youtube I have to change the 20MB limit, restart Squid3, watch youtube, change limit back to 20MB and reload Squid3 again ... which is a pain in the butt ...

Currently my ACL's look like this:

acl localnet src 10.0.0.0/24
acl localnet_dad_laptop 10.0.0.10
acl localnet_dad_smartphone 10.0.0.11
acl localnet_mom_laptop 10.0.0.12
acl localnet_mom_smartphone 10.0.0.13
acl localnet_son_laptop 10.0.0.14
acl localnet_son_smartphone 10.0.0.15
acl localnet_son_tablet 10.0.0.16

---and so it goes on for all the other devices---

http_access allow localnet
http_access allow localnet_dad_laptop
http_access allow localnet_dad_smartphone
http_access allow localnet_mom_laptop
http_access allow localnet_mom_smartphone
http_access allow localnet_son_laptop
http_access allow localnet_son_smartphone
http_access allow localnet_son_tablet

---and so it goes on for all the other devices---

How can I allow mom and dad unlimited download sizes but limit download sizes for my kids (son, daughter and daughter) and all the kid's friends that visit and sleep over?

Thank You

Danny
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_body_max_size question

Amos Jeffries
Administrator
On 3/07/2015 2:41 a.m., Danny wrote:
> I am running Debian 8 with Squid3 installed (transparent). However, I would like to know a little more about the "reply_body_max_size" directive. I have read quite a bit about it but none of the discussions on the net fits my criteria ...

It works as documented at
<http://www.squid-cache.org/Doc/config/reply_body_max_size/>.  If that
does not fit your criteria then its not what you need.


> (Oh yes, squidGuard is also running around my server somewhere doing what it is supposed to do ... I hope ... )
>
> It is a home setup with the Debian box serving DHCP IP's over wlan0 (which all devices in the house connect to for internet access). 9 laptops, 4 PC's, 7 tablets and 9 SmartPhones (and that is only the kid's stuff fighting for bandwidth supremacy ... ;) ) ... We are all on the same subnet ...
>
> The problem I have (as with most parents) is to limit the kid's download sizes from all over the net. Where I am we have capped internet and have to pay for more cap.
> Currently I get 20GB of data every month and by the end of the month I have purchased in excess of 100GB throughout the month which gets very expensive.
> My son plays games on his PS3 and some of the games (Call of Duty, I think) one player can download another player's in-game recorded video (or something like that) and that eats up the cap.
>
> Currently my "reply_body_max_size" is set to 20 MB in my efforts to curb downloads and save some bandwidth.
> However, whenever myself or the wife wants to download or visit youtube I have to change the 20MB limit, restart Squid3, watch youtube, change limit back to 20MB and reload Squid3 again ... which is a pain in the butt ...
>
> Currently my ACL's look like this:
>
> acl localnet src 10.0.0.0/24
> acl localnet_dad_laptop 10.0.0.10
> acl localnet_dad_smartphone 10.0.0.11
> acl localnet_mom_laptop 10.0.0.12
> acl localnet_mom_smartphone 10.0.0.13
> acl localnet_son_laptop 10.0.0.14
> acl localnet_son_smartphone 10.0.0.15
> acl localnet_son_tablet 10.0.0.16
>
> ---and so it goes on for all the other devices---
>
> http_access allow localnet

NOTE: No http_access ACLs controlling 10.0.0.0/24 have any effect below
this one that allows them all access to use the proxy.

> http_access allow localnet_dad_laptop
> http_access allow localnet_dad_smartphone
> http_access allow localnet_mom_laptop
> http_access allow localnet_mom_smartphone
> http_access allow localnet_son_laptop
> http_access allow localnet_son_smartphone
> http_access allow localnet_son_tablet
>
> ---and so it goes on for all the other devices---
>
> How can I allow mom and dad unlimited download sizes but limit download sizes for my kids (son, daughter and daughter) and all the kid's friends that visit and sleep over?

By applying ACLs for the kids on the reply_body_max_size directive lines
setting the sizes to use for them. Like so:
  reply_body_max_size 50 KB localnet_son_smartphone

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_body_max_size question

Augusto Gabanzo
In reply to this post by Danny-2
i belive you can do something like this:

reply_body_max_size X deny localnet !localnet_dad_laptop !localnet_mom_laptop

that should if im not wrong deny all ips but those ending in 10 and 12

-----Mensaje original-----
De: squid-users [mailto:[hidden email]] En nombre de Danny
Enviado el: jueves, 02 de julio de 2015 10:42 a. m.
Para: [hidden email]
Asunto: [squid-users] reply_body_max_size question

I am running Debian 8 with Squid3 installed (transparent). However, I would like to know a little more about the "reply_body_max_size" directive. I have read quite a bit about it but none of the discussions on the net fits my criteria ...
(Oh yes, squidGuard is also running around my server somewhere doing what it is supposed to do ... I hope ... )

It is a home setup with the Debian box serving DHCP IP's over wlan0 (which all devices in the house connect to for internet access). 9 laptops, 4 PC's, 7 tablets and 9 SmartPhones (and that is only the kid's stuff fighting for bandwidth supremacy ... ;) ) ... We are all on the same subnet ...

The problem I have (as with most parents) is to limit the kid's download sizes from all over the net. Where I am we have capped internet and have to pay for more cap.
Currently I get 20GB of data every month and by the end of the month I have purchased in excess of 100GB throughout the month which gets very expensive.
My son plays games on his PS3 and some of the games (Call of Duty, I think) one player can download another player's in-game recorded video (or something like that) and that eats up the cap.

Currently my "reply_body_max_size" is set to 20 MB in my efforts to curb downloads and save some bandwidth.
However, whenever myself or the wife wants to download or visit youtube I have to change the 20MB limit, restart Squid3, watch youtube, change limit back to 20MB and reload Squid3 again ... which is a pain in the butt ...

Currently my ACL's look like this:

acl localnet src 10.0.0.0/24
acl localnet_dad_laptop 10.0.0.10
acl localnet_dad_smartphone 10.0.0.11
acl localnet_mom_laptop 10.0.0.12
acl localnet_mom_smartphone 10.0.0.13
acl localnet_son_laptop 10.0.0.14
acl localnet_son_smartphone 10.0.0.15
acl localnet_son_tablet 10.0.0.16

---and so it goes on for all the other devices---

http_access allow localnet
http_access allow localnet_dad_laptop
http_access allow localnet_dad_smartphone http_access allow localnet_mom_laptop http_access allow localnet_mom_smartphone http_access allow localnet_son_laptop http_access allow localnet_son_smartphone http_access allow localnet_son_tablet

---and so it goes on for all the other devices---

How can I allow mom and dad unlimited download sizes but limit download sizes for my kids (son, daughter and daughter) and all the kid's friends that visit and sleep over?

Thank You

Danny
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_body_max_size question

Danny-2
In reply to this post by Amos Jeffries
> It works as documented at
> <http://www.squid-cache.org/Doc/config/reply_body_max_size/>.  If that
> does not fit your criteria then its not what you need.

I am aware of that, I was just a little unsure how to split the different dowload
sizes amongst all the different users.
 

> > http_access allow localnet
>
> NOTE: No http_access ACLs controlling 10.0.0.0/24 have any effect below
> this one that allows them all access to use the proxy.
>
> > http_access allow localnet_dad_laptop
> > http_access allow localnet_dad_smartphone
> > http_access allow localnet_mom_laptop
> > http_access allow localnet_mom_smartphone
> > http_access allow localnet_son_laptop
> > http_access allow localnet_son_smartphone
> > http_access allow localnet_son_tablet

Thank you ... did not know that ... I was under the impression every user i.e
device needed to be granted http_access ...

> By applying ACLs for the kids on the reply_body_max_size directive lines
> setting the sizes to use for them. Like so:
>   reply_body_max_size 50 KB localnet_son_smartphone

O.k ... so currently I have:
reply_body_max_size 20 MB

If I combine your suggestion and Augusto Gabanzo's (who suggested something a little different) can I then do something like this:
##########
reply_body_max_size 0 MB !localnet_son_laptop !localnet_son_smartphone !localnet_son_tablet
reply_body_max_size 5 MB localnet_son_laptop localnet_son_smartphone localnet_son_tablet (// Or must each device get it's own limit?)
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_body_max_size question

Amos Jeffries
Administrator
On 3/07/2015 5:46 a.m., Danny wrote:

>> It works as documented at
>> <http://www.squid-cache.org/Doc/config/reply_body_max_size/>.  If that
>> does not fit your criteria then its not what you need.
>
> I am aware of that, I was just a little unsure how to split the different dowload
> sizes amongst all the different users.
>  
>>> http_access allow localnet
>>
>> NOTE: No http_access ACLs controlling 10.0.0.0/24 have any effect below
>> this one that allows them all access to use the proxy.
>>
>>> http_access allow localnet_dad_laptop
>>> http_access allow localnet_dad_smartphone
>>> http_access allow localnet_mom_laptop
>>> http_access allow localnet_mom_smartphone
>>> http_access allow localnet_son_laptop
>>> http_access allow localnet_son_smartphone
>>> http_access allow localnet_son_tablet
>
> Thank you ... did not know that ... I was under the impression every user i.e
> device needed to be granted http_access ...

They do. But not necessarily individually. The /24 does all IPs in the
subnetwork as a group.

You can also list multiple IPs and/or subnets in one ACL name. That
helps fixing the below...


>
>> By applying ACLs for the kids on the reply_body_max_size directive lines
>> setting the sizes to use for them. Like so:
>>   reply_body_max_size 50 KB localnet_son_smartphone
>
> O.k ... so currently I have:
> reply_body_max_size 20 MB
>
> If I combine your suggestion and Augusto Gabanzo's (who suggested something a little different) can I then do something like this:
> ##########
> reply_body_max_size 0 MB !localnet_son_laptop !localnet_son_smartphone !localnet_son_tablet
> reply_body_max_size 5 MB localnet_son_laptop localnet_son_smartphone localnet_son_tablet (// Or must each device get it's own limit?)

The ACLs on a line are AND'd together. Better to make one ACL that
matches all the IPs for the user you want to limit.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reply_body_max_size question

Danny-2
Thank You Amos ... with a  little trial and error I got it right.

Danny

On Jul 04 15, Amos Jeffries :

> To: [hidden email]
> Date: Sat, 04 Jul 2015 03:35:23 +1200
> From: Amos Jeffries <[hidden email]>
> Subject: Re: [squid-users] reply_body_max_size question
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101
>  Thunderbird/31.7.0
> X-BeenThere: [hidden email]
>
> On 3/07/2015 5:46 a.m., Danny wrote:
> >> It works as documented at
> >> <http://www.squid-cache.org/Doc/config/reply_body_max_size/>.  If that
> >> does not fit your criteria then its not what you need.
> >
> > I am aware of that, I was just a little unsure how to split the different dowload
> > sizes amongst all the different users.
> >  
> >>> http_access allow localnet
> >>
> >> NOTE: No http_access ACLs controlling 10.0.0.0/24 have any effect below
> >> this one that allows them all access to use the proxy.
> >>
> >>> http_access allow localnet_dad_laptop
> >>> http_access allow localnet_dad_smartphone
> >>> http_access allow localnet_mom_laptop
> >>> http_access allow localnet_mom_smartphone
> >>> http_access allow localnet_son_laptop
> >>> http_access allow localnet_son_smartphone
> >>> http_access allow localnet_son_tablet
> >
> > Thank you ... did not know that ... I was under the impression every user i.e
> > device needed to be granted http_access ...
>
> They do. But not necessarily individually. The /24 does all IPs in the
> subnetwork as a group.
>
> You can also list multiple IPs and/or subnets in one ACL name. That
> helps fixing the below...
>
>
> >
> >> By applying ACLs for the kids on the reply_body_max_size directive lines
> >> setting the sizes to use for them. Like so:
> >>   reply_body_max_size 50 KB localnet_son_smartphone
> >
> > O.k ... so currently I have:
> > reply_body_max_size 20 MB
> >
> > If I combine your suggestion and Augusto Gabanzo's (who suggested something a little different) can I then do something like this:
> > ##########
> > reply_body_max_size 0 MB !localnet_son_laptop !localnet_son_smartphone !localnet_son_tablet
> > reply_body_max_size 5 MB localnet_son_laptop localnet_son_smartphone localnet_son_tablet (// Or must each device get it's own limit?)
>
> The ACLs on a line are AND'd together. Better to make one ACL that
> matches all the IPs for the user you want to limit.
>
> Amos
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users