Bandwidth control using https communication isn't effective in RHEL8(squid-4) and RHEL9.0(squid-5.2)
Issue
We set the delay_parameters option and verified downloading the web server's files from the web client using https communication.
We show the results of our verification below.
- When downloading the web server's files from the web client using https communication:
We ran the ifstat command on the squid server and checked the amount of data sent from the squid server to the web client using http communication; the amount of data exceeded the limit (*1).
-----
Web Server 192.168.122.24
squid Server 192.168.122.14(ens7) 192.168.122.14(ens8)
client 192.168.122.12
- squid.conf (extract)
acl rhel79-12 src 192.168.122.12
acl rhel84-24 dst 192.168.122.24
acl SSL_ports port 443
#acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
delay_pools 1
delay_class 1 1
delay_access 1 allow rhel84-24
delay_access 1 deny all
delay_parameters 1 10240/10240 *1
- client operation commands
# curl -O https://192.168.122.24:443/bash-4.4.19-14.el8.src.rpm --proxy 192.168.122.14:3128
- ifstat command (extract) squid server
Interface   RX Pkts/Rate   TX Pkts/Rate   RX Data/Rate   TX Data/Rate
            RX Errs/Drop   TX Errs/Drop   RX Over/Rate   TX Coll/Rate
ens7             183 0          545 0        10055 0   *1  3613K 0
                   0 0            0 0            0 0        4099 0
ens8            2488 0          208 0        3701K 0       14171 0
                   0 0            0 0            0 0        1040 0
-----
Environment
- Red Hat Enterprise Linux 8
  - All versions of squid
- Red Hat Enterprise Linux 9
  - squid-5.2