online disconnect for authenticated user

Posted on 2007-10-15
Last Modified: 2013-12-16
I have a Linux box used as a proxy server. I am using squid 2.5 with ntlm_auth, and I am using the squish script to deny users who exceed their traffic quota. This script sees who has exceeded his quota and appends his username to a text file; every user that exists in this file is denied. But the following case still has a problem:
For example, a user is downloading a file whose size is 900MB, and the quota is 100MB. The user will be denied after he has finished his download and will not be disconnected, but while he is downloading and after he exceeds his quota he will be denied from opening any new page or making a new download. I want to disconnect him directly after he reaches his limit. Can anyone help?
Question by:ahfaris
    LVL 8

    Expert Comment

    This has to do with how often squid checks the quota.

    Once a connection is established the default rule would be to not check again until the next connection attempt.

    What you want is a mid-connection quota check based on some timeout rule or other known quantity.

    However, based on my (brief) re-reading of the documentation of squid, and squidguard, I don't see where this is possible.

    The closest thing I came to was a "connection timeout" that wouldn't allow a connection for more than a certain time.

    This would actually work: have your users use "download managers". Then limit the number of connections from each IP, then limit the duration of each connection, then the download manager would have to "resume" later when there was quota available.

    Don't know if this is what you want, but it might work for you.


    Author Comment

    I think there is a way to stop the user until his quota limit is renewed. Does anyone have another opinion?
    LVL 19

    Accepted Solution

    Yes, there is another option.

    Squid will not add to the downloaded bytes until it has downloaded the content, so that is why that file goes through.

    However, you can limit a transfer stream using iptables to be no more than 100MB, as in your example:

     Setting transfer quotas with quota*
    Setting transfer quotas can be very useful in many situations. As an example, a lot of broadband users will have download quotas set for them by their ISP and many may charge extra for every megabyte transferred in excess of this quota. You can use iptables to monitor your usage and cut you off when you reach your quota (say 2GB) with a rule similar to the following:

    -A FORWARD -p tcp -m quota --quota 1025000 -j ACCEPT

    You can then view your usage with the following command:
    $ iptables -v -L

    You would also need to reset the quota every month manually (by restarting iptables) or with a cron job. Clearly your computer would need to be 'always-on' for this example to be of any use, but there are also many other situations where the quota extension would be useful.
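
The quota rule quoted in the accepted answer, worked out for the proxy case in the question; this is an added example, not part of the thread. It assumes Squid answers clients from TCP port 3128 on the proxy host and that each user sits behind one fixed client IP (iptables sees addresses, not NTLM usernames); the chain name PROXYQUOTA and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Squid answers clients from
# TCP port 3128 on this host, and each user sits behind one fixed client IP
# (netfilter sees addresses, not NTLM usernames).
PROXY_PORT=3128
CHAIN=PROXYQUOTA   # hypothetical chain name

# The quota match counts bytes, so convert the per-user limit from MB.
mb_to_bytes() {
    echo $(( $1 * 1024 * 1024 ))
}

# quota_cmds QUOTA_MB CLIENT_IP...
# Prints the iptables commands (dry run) instead of executing them.
quota_cmds() {
    bytes=$(mb_to_bytes "$1")
    shift
    # Create the chain if missing, then flush it: re-adding the rules below
    # starts every quota counter again, which is the periodic reset.
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"
    for ip in "$@"; do
        # Rule 1 matches until $bytes have been sent to this client.
        echo "iptables -A $CHAIN -p tcp -d $ip -m quota --quota $bytes -j ACCEPT"
        # Rule 2 is reached only after rule 1 stops matching, so a transfer
        # in progress is cut off and not just the next request.
        echo "iptables -A $CHAIN -p tcp -d $ip -j REJECT --reject-with tcp-reset"
    done
    # Proxy-to-client data is generated locally, so it traverses OUTPUT, not
    # FORWARD. Add the jump only once (-C tests whether it already exists).
    jump="OUTPUT -p tcp --sport $PROXY_PORT -j $CHAIN"
    echo "iptables -C $jump 2>/dev/null || iptables -I $jump"
}

# Usage: sh quota.sh 100 192.0.2.10 192.0.2.11 | sh   (as root, e.g. from cron)
if [ "$#" -gt 0 ]; then
    quota_cmds "$@"
fi
```

Review the printed commands before piping them to a root shell; running the same command line from cron at the start of each quota period resets every counter.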
