Sunday, January 23, 2011

Squid Proxy Server Limit the number of simultaneous Web connections from a client with maxconn ACL

So how do you limit the number of simultaneous web connections from a client browser system using the open source Squid proxy server?

You need to use squid ACCESS CONTROLS feature called maxconn. It puts a limit on the maximum number of connections from a single client IP address. It is an ACL that will be true if the user has more than maxconn connections open. It is used in http_access to allow/deny the request just like all the other acl types.

Step # 1: Edit squid conf file

Open /etc/squid/squid.conf file:

# vi /etc/squid/squid.conf

Step # 2: Setup maxconn ACL

Locate your ACL section and append config directive as follows:
acl ACCOUNTSDEPT 192.168.5.0/24
acl limitusercon maxconn 3
http_access deny ACCOUNTSDEPT limitusercon

Where,
  1. acl ACCOUNTSDEPT 192.168.3.0/24 : Our accounts department IP range
  2. acl limitusercon maxconn 3 : Set 3 simultaneous web access from the same client IP
  3. http_access deny ACCOUNTSDEPT limitusercon : Apply ACL

Save and close the file.


Restart squid

Restart the squid server, enter:
# /etc/init.d/squid restart


EmoticonEmoticon