Squid ograničenje : Bandwidth quotas

Homepage ovog programa je link.
Ovaj program zbilja i radi, zabranjuje protok korisniku koji je prešao za njega definisanu kvotu.

Instalacija :
Spustiti program i razviti ga na zgodnoj lokaciji.
# mysql -u root -pxxx
mysql> CREATE DATABASE squidaccess;
mysql> GRANT ALL PRIVILEGES ON squidaccess.* TO squidauth@localhost IDENTIFIED BY ‘squidaccess’;
mysq> quit
Posle ovoga se formira imenovana baza :
# mysql -u root -pxxxx -h localhost squidaccess < squidaccess.sql
Fajl bandwidth_calculate staviti u /usr/local/bin/ folder, i prepraviti ga prema stanju na serveru :
…..
my $log_path = “/var/log/squid”;
my $log_file = “access.log”;
…..
my $mysql_host = ‘localhost’;
my $mysql_user = ‘squidaccess’;
my $mysql_pass = ‘squidaccess’;
my $mysql_db = ‘squidaccess’;
Fajl bandwidth_check staviti u folder /usr/local/bin/ i takođe prepraviti prema stanju na serveru :
## MySQL info
my $mysql_host = ‘localhost’;
my $mysql_user = ‘squidaccess’;
my $mysql_pass = ‘squidaccess’;
my $mysql_db = ‘squidaccess’;
Prepraviti fajl /etc/squid/squid.conf, ubacivanjem linija :
….. staviti PRE sopstvenih ACL lista
external_acl_type bandwidth_check ttl=60 %SRC /usr/local/bin/bandwidth_check
acl bandwidth_auth external bandwidth_check
….. “nasi” je ranije definisana naša lokalna mreža
http_access deny nasi !bandwidth_auth
Napraviti fajl /etc/squid/bandwidth_rules :
IP      kriterijum1
IP      kriterijum2
IP adresa može biti i cela mreža, ili opseg IP adresa.

Tabela 1
Abbreviations Meaning                          Example
b                     Plain bytes                      268435456000b/w (250 mb or 268435456000 b a week)
kb                   Kilobytes                         4096kb/d (4096 kilobytes per day)
mb                  Megabytes                      500mb/w (500 megabytes per week)
gb                   Gigabytes                       10gb/m (10 gigabytes per month)

Tabela 2
Abbreviations    Meaning          Example
d                       or day              Per day 40mb/d (50 megabytes a day)
w                       or week           Per week 3gb/w (3 gigabytes a week)
m                       or month         Per month 100gb/m (100 gigabytes a month)
y                        or year            Per year 1024gb/y (1024 gigabytes or 1 terabyte a year)

Testiranje
Proveriti da nema nikakvih grešaka u konfiguracijama :
# /usr/local/bin/bandwidth_calculate /etc/squid/bandwidth_rules
Proveriti na pojedinačnim IP adresama :
# /usr/local/bin/bandwidth_check
10.10.10.140 ova IP adresa nije prekoračila postavljeno ograničenje
OK
10.10.10.142 ova IP adresa jeste prekoračila postavljeno ograničenje
ERR
^C
Zabranjene IP adrese (koje su prekoračile limit) se mogu videti u squidaccess bazi :
mysql> use squidaccess;
Database changed
mysql> show tables;
+———————–+
| Tables_in_squidaccess |
+———————–+
| bandwidth_blocks |
| bandwidth_blocks_old |
| bandwidth_save |
| bandwidth_usage |
+———————–+
mysql> select * from bandwidth_blocks;
+——-+————–+
| order | name |
+——-+————–+
| 0 | 10.10.10.142 |
+——-+————–+

Posle ovoga staviti u cron da programčić svakih 5min sakuplja podatke o IP adresama i o tome koliko su “potrošili” :
# crontab -e
*/5 * * * * /usr/local/bin/bandwidth_calculate /etc/squid/bandwidth_rules
Restartovati squid, da bi se promene “primile”!

Pažnja!!!! Ako se neka IP adresa/opseg već nalazi definisana u squid.conf, ograničenja na nju neće delovati….

This entry was posted in Linux and tagged , . Bookmark the permalink.

Comments are closed.