1

In fact my problem is with users who download large files from internet in my network.

I have a Squid cache/proxy server in my network that is placed between my network and the Internet.

I thought terminating connections that is alive for a long time maybe helps to prevent users downloading large files. So ask it in SO in this post but didn't get clear answer. it seems it's impossible with Squid. :-/

Now, one solution that also suggested in that post is limiting bandwidth for each user: We just give a suitable bandwidth to each user and user can do anything (even downloading) without bothering others.

But as far as i know Squid can only assign some static bandwidths to users. So any user has a particular static bandwidth that cannot be changed. I seems this is not fair nor optimum, Because in idle situations (when little users are requesting) we should give them more bandwidth than their share in busy situations.

So in a fair system the bandwidth should be divided between available users considering a priority (some users should have more share than others). The share of any user depends on all available users. more users less share. Something like this:

UserBandwidth = (OverallAllBandWidth / NumberOfCurrentUsers)

If in one moment we only have one user, we should assign all bandwidth to him.

So:

  • Is this solution possible with Squid?

  • Is it possible with any other software? How about Linux itself? I heard about some abilities in linux kernel for traffic shaping.

If it's impractical, what other solution would you suggest in order to:

  • prevent users from downloading (specially HTTP downloads)

or

  • enforce a bandwidth limit that is fair and certainly dynamic

Thanks!

Community
  • 1
Isaac
  • 581
  • 1
  • 12
  • 25

2 Answers2

3

You could use

acl aclname rep_mime_type mime-type

to block certain mime-types from downloading (eg iso's)

and

reply_body_max_size

to set a ceiling on the biggest files that can be downloaded

you could also use free-sa to analyze your logs to see where the bandwidth is going

http://free-sa.sourceforge.net/

EDIT: Actually squid delay pools will do EXACTLY what you need.

read this article: http://www.howtoforge.com/squid-delay-pools-bandwidth-management

jamespo
  • 1,698
  • 12
  • 12
  • by `rep_mime_type` small downloads will be blocked. But `reply_body_max_size` seems good! did it really block any kind of HTTP downloads? i should try it soon...! – Isaac Oct 30 '09 at 11:57
0

Delay Pools is the way to go, will limit bandwith usage,and still download small files.A problem with mime-types, is users connecting in https and you can't see the content of the request, in some cases even using ilegal proxies.I recommend using calamaris to generate statistics of your squid traffic, will make clear to you where tweaking will help. https://topnetworkguide.com/calamaris-an-external-logfile-analyzer-for-squid-proxies/

Renato Bonfanti
  • 19
  • 3