Title: By p@ss transparent proxy Settings for Non-Transparent Proxy Users Post by: denpun on Thursday 12 November 2009, 07:39:44 am Greetings,
In standalone squid, one c.an have various download limits for various groups of people. Groups can either be bunch of ips or subnets, etc. We are using endian 2.3 in non-transparent mode & transparent mode. We will move to only non-transparent. Within By p@ss transparent proxy Settings, we have subnets of certain groups of people for which we want no filtering of any sort. There is a download limit that is enforced by endian. This download limit is applied to everybody in transparent and non- transparent mode. This limit is ignored when one is using transparent mode and when the user is in the by p@ss proxy settings list. Now the problem arises when one is using non-transparent mode and one wants to by p@ss this limit or have another limit set. 1) How would be be possible for use to have download limit profiles? Just like the filtering profiles? I know that this can be done in squid. Its just a gui problem. 2) How can I do this immediately by manually editing files? Which files? Edit: I now see an option to include custom.tmpl in /etc/squid.conf will look into this for doing this manually but it would be nice to be able to do this via GUI. Edit: Excuse the "p@ss" ..guess was being "censored" could not use the word byp because of you know what. Title: Re: By p@ss transparent proxy Settings for Non-Transparent Proxy Users Post by: denpun on Friday 13 November 2009, 01:18:05 am I edited /var/efw/proxy/custom.tmpl
Added the following 4 lines: Code: acl no_download_limits src x.x.x.x/255.255.255.0 The lines do get copied to /etc/squid.conf on restart of the proxy service. The problem however is that they get copied under the lines: Code: # replace body max size The problem with this is that acls are read from first to last.....first rule that matches is applied ..so the first rule is applied..enforcing the downlaod limits coming from the gui....as opposed to my custom acls for setting no limits for 3 subnets.... I tried editing /etc/squid/squid.conf.tmpl and moved the section that seemingly creates the custom insert to a position above the gui rules....but they get ignored....appears that this is not the file that is being used to create the squid.conf On one of the forum posts I read that you have to restart fw..tried that too...but to no avail...any ideas on which tmpl is used..or how can i get my custom acls before the gui acls...or atleast a part of the gui acls? Thanks. Title: Re: By p@ss transparent proxy Settings for Non-Transparent Proxy Users Post by: denpun on Friday 13 November 2009, 01:42:06 am Never Mind.....found my answer.
For those interested.... /etc/squid/squid.conf.tmpl is indeed the source for the /etc/squid/squid.conf file. The /etc/squid/squid.conf file is generated based on the template /etc/squid/squid.conf.tmpl. The setting for the template file, /etc/squid/squid.conf.tmpl, I assume are gotten from the settings file elsewhere. Anyways...there is a section in /etc/squid/squid.conf.tmpl which is Code: # begin custom.tmpl I moved the above code just above where I wanted it. In theory, i think, it can be moved anywhere in the tmpl file as long as you don't have conflicting configurations in the custom file. Once you move the code in the tmpl file to another location in the tmpl file, that meets your needs, simply edit the custom file which is at /var/efw/proxy/custom.tmpl and include your acls or any other custom configs. and thats it. Your seeting will be saved and included every time suqid starts. If you read my earlier posts, I said that it did not move the config.....it actually does work..except I moved the wrong code.....so I made a mistake. I moved: Code: #if $CUSTOM_ACL != '' instead of Code: # begin custom.tmpl wonder how i missed...the obvious. Anyways. Its working. Thanks. :) |