Solved

online disconnect for authenticated user

Posted on 2007-10-15
Last Modified: 2013-12-16
I have a Linux box used as a proxy server. I am using squid 2.5 with ntlm_auth, and I am using the squish script to deny users who exceed their traffic quota. This script sees who has exceeded his quota and appends his username to a text file; every user who exists in this file is denied. But the following case still has a problem:
For example, a user is downloading a file whose size is 900MB, and the quota is 100MB. The user will be denied after he has finished his download and will not be disconnected, but while he is downloading and after he exceeds his quota he will be denied from opening any new page or making a new download. I want to disconnect him directly after he reaches his limit. Can anyone help?
0
Question by:ahfaris
3 Comments
 
LVL 8

Expert Comment

by:Rance_Hall
ID: 20077931
This has to do with how often squid checks the quota.

Once a connection is established the default rule would be to not check again until the next connection attempt.

What you want is a mid-connection quota check based on some timeout rule or other known quantity.

However, based on my (brief) re-reading of the documentation of squid, and squidguard, I don't see where this is possible.

The closest thing I came to was a "connection timeout" that wouldn't allow a connection for more than a certain time.

This would actually work: have your users use "download managers". Then limit the number of connections from each IP, then limit the duration of each connection, then the download manager would have to "resume" later when there was quota available.

Don't know if this is what you want, but it might work for you.

0
 

Author Comment

by:ahfaris
ID: 20081071
I think there is a way to stop the user until his quota limit is renewed. Does anyone have another opinion?
0
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 1000 total points
ID: 20083687
Yes, there is another option.

Squid will not add to the downloaded bytes until it has downloaded the content, so that is why that file goes through.

However, you can limit a transfer stream using iptables to be no more than 100MB, as in your example:

 Setting transfer quotas with quota*
Setting transfer quotas can be very useful in many situations. As an example, a lot of broadband users will have download quotas set for them by their ISP and many may charge extra for every megabyte transferred in excess of this quota. You can use iptables to monitor your usage and cut you off when you reach your quota (say 2GB) with a rule similar to the following:

-A FORWARD -p tcp -m quota --quota 1025000 -j ACCEPT
-A FORWARD -j DROP

You can then view your usage with the following command:
$ iptables -v -L

You would also need to reset the quota every month manually (by restarting iptables) or with a cron job. Clearly your computer would need to be 'always-on' for this example to be of any use, but there are also many other situations where the quota extension would be useful.
0
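The quota match from the accepted answer, applied per proxy client rather than to all forwarded traffic, as an added example that is not part of the original thread. It assumes one user per client IP and a hypothetical `SQUID_QUOTA` chain fed by a one-time jump rule; the port 3128 and the file name `quotas.txt` are also assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one user per client IP and that
# replies from Squid on this box are sent through the hypothetical SQUID_QUOTA
# chain by a one-time rule such as:
#   iptables -A OUTPUT -p tcp --sport 3128 -j SQUID_QUOTA
# (packets Squid sends to clients are locally generated, so they traverse
# OUTPUT, not FORWARD; 3128 is an assumed listening port).

CHAIN=SQUID_QUOTA

# mb_to_bytes MB: the quota match counts bytes, so convert megabytes.
mb_to_bytes() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid quota: '$1'" >&2; return 1 ;;
    esac
    echo $(( $1 * 1024 * 1024 ))
}

# quota_rules IP MB: ACCEPT until the quota is used up, then DROP, so a
# transfer already in progress stops once the client's byte budget is spent.
quota_rules() {
    case "$1" in
        ''|*[!0-9.]*) echo "invalid client IP: '$1'" >&2; return 1 ;;
    esac
    bytes=$(mb_to_bytes "$2") || return 1
    echo "-A $CHAIN -d $1 -m quota --quota $bytes -j ACCEPT"
    echo "-A $CHAIN -d $1 -j DROP"
}

# build_ruleset: read "IP MB" lines on stdin, write iptables-restore input.
# Blank lines and lines starting with '#' are skipped.
build_ruleset() {
    echo "*filter"
    echo ":$CHAIN - [0:0]"
    while read -r ip mb; do
        case "$ip" in ''|'#'*) continue ;; esac
        quota_rules "$ip" "$mb" || return 1
    done
    echo "COMMIT"
}

# Typical use (quotas.txt is a constructed file name):
#   build_ruleset < quotas.txt | iptables-restore --noflush
# Reloading creates fresh quota rules, which resets every counter.
```

Running the reload from the cron job the answer mentions gives the periodic reset without restarting the whole firewall.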
Question has a verified solution.