Can I limit the number of connections from a client?
Yes, use the maxconn ACL type in conjunction with http_access deny. For example: acl losers src 1.2.3.0/24 acl 5CONN maxconn 5 http_access deny 5CONN losers Given the above configuration, when a client whose source IP address is in the 1.2.3.0/24 subnet tries to establish 6 or more connections at once, Squid returns an error page. Unless you use the deny_info feature, the error message will just say “access denied.” Note, the maxconn ACL type is kind of tricky because it uses less-than comparison. The ACL is a match when the number of established connections is greater than the value you specify. Because of that, you don’t want to use the maxconn ACL with http_access allow. Also note that you could use maxconn in conjunction with a user type (ident, proxy_auth), rather than an IP address type.
Yes, use the maxconn ACL type in conjunction with http_access deny. For example: acl losers src 1.2.3.0/24 acl 5CONN maxconn 5 http_access deny 5CONN losers Given the above configuration, when a client whose source IP address is in the 1.2.3.0/24 subnet tries to establish 6 or more connections at once, Squid returns an error page. Unless you use the deny_info feature, the error message will just say “access denied.” The maxconn ACL requires the client_db feature. If you’ve disabled client_db (for example with client_db off) then maxconn ALCs will not work. Note, the maxconn ACL type is kind of tricky because it uses less-than comparison. The ACL is a match when the number of established connections is greater than the value you specify. Because of that, you don’t want to use the maxconn ACL with http_access allow. Also note that you could use maxconn in conjunction with a user type (ident, proxy_auth), rather than an IP address type.
Open connection is not the same as concurrent request unless you also set “client_persistent_connections off”, and it’s even less related to number of browser windows or browser sessions active on the client computer. The main reason to use this is to trap malfunctioning clients opening way too many concurrent connections, not as a means to limit the user experience.
” > > http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.22 Yes, but this does not correspond in any easy manner to the question. Open connection is not the same as concurrent request unless you also set “client_persistent_connections off”, and it’s even less related to number of browser windows or browser sessions active on the client computer. The main reason to use this is to trap malfunctioning clients opening way too many concurrent connections, not as a means to limit the user experience.
