# squid limiting connections

## Corona688

My users are absolutely KILLING our satellite modem with too many connections.  We're talking "rebooting the modem every 10 minutes to keep it livable" bad.  Limiting the speed of traffic is not enough since the modem only supports 80 connections through it at a time.  Limiting the number of connections per second won't help since it's the total number that's killing the modem, not the rate.  How can I get squid to queue up users when it's reached a maximum number of connections?  I don't want it to refuse connections, just queue them.

----------

## cach0rr0

there are some inherent problems in doing this

if you don't leave the browser with something to chew on while it's awaiting a free slot, it's going to time out. I don't know what your typical latency is with a heavy user load, but if you only can do 80 outbound connections, at 2-4 concurrent per user, the scalability is going to be greatly diminished. 

specifically, what is the browser to do exactly while its request is in queue? What is Squid supposed to feed the browser while it's in this queue? Nothing of course, but the problem comes in when that 'nothing' is continuous for 2 straight minutes (or whatever the average browser timeout is)

If your delay is nowhere near this, disregard, but that's the biggest pitfall I'd foresee with your "queue and keepalive" method.

----------

## Mike Hunt

Can you post the output, please?

```
# grep '^[^#]' /etc/squid/squid.conf
```

----------

## Corona688

 *cach0rr0 wrote:*   

> there are some inherent problems in doing this
> 
> if you don't leave the browser with something to chew on while it's awaiting a free slot, it's going to time out. I don't know what your typical latency is with a heavy user load, but if you only can do 80 outbound connections, at 2-4 concurrent per user, the scalability is going to be greatly diminished. 
> 
> specifically, what is the browser to do exactly while its request is in queue? What is Squid supposed to feed the browser while it's in this queue? Nothing of course, but the problem comes in when that 'nothing' is continuous for 2 straight minutes (or whatever the average browser timeout is)
> ...

Sorry for the long delay in reply, work's thrown other emergencies at me.  I know it's not ideal, but limiting the number of connections per customer is even worse, since a web browser is too stupid to know it's overloading the proxy and fills the screen with 403's.  I've tried limiting customers with QoS but this has a hard time keeping performance high while preventing abuse, and always gets overwhelmed in the end anyway.

And yes, I know;  80 connections is not a lot.  I was frankly shocked that an $800 piece of equipment that doesn't technically need to do routing would be so easily overloaded, and their idea to fix it is a custom-branded server and a $1500 proprietary software package, argh!

```
zph_mode tos
zph_local 16
zph_sibling 16
zph_parent 16
http_port 127.0.0.1:3128
http_port 192.168.12.1:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
acl nocachemime req_mime_type ^application/x-msn-messenger$
acl nocachemime req_mime_type ^app/x-hotbar-xip20$
acl nocachemime req_mime_type ^application/x-icq$
acl nocachemime req_mime_type ^AIM/HTTP$
acl nocachemime req_mime_type ^application/x-comet-log$
no_cache deny nocachemime
cache_mem 64 MB
maximum_object_size 65536 KB
maximum_object_size_in_memory 256 KB
cache_dir ufs /var/cache/squid 1600 16 256
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
refresh_stale_hit 30 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl to_lan dst 192.168.12.0/24
acl from_lan src 192.168.12.0/24
acl to_vpn dst 172.16.0.0/255.255.0.0
acl from_vpn src 172.16.0.0/255.255.0.0
http_access deny to_vpn
http_access allow from_vpn
http_access allow localhost
http_access deny to_lan
http_access allow from_lan
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr email@address
cache_effective_user squid
cache_effective_group squid
visible_hostname        localhost
logfile_rotate 0
forwarded_for off
always_direct allow all
coredump_dir /var/cache/squid
pipeline_prefetch on
shutdown_lifetime 1 second
```

----------
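To measure how close the proxy gets to the modem's 80-connection ceiling discussed in this thread, the following added example (not from any poster and not Squid's own code) estimates peak concurrent upstream requests, and which clients hold them, from the native-format `access.log` that the posted configuration writes. The log lines are constructed, and counting each non-cached request as one modem connection is an assumption, since persistent connections can make the real figure differ.

```python
# Added example: estimate peak concurrent upstream requests from a Squid
# native-format access.log. The sample log lines below are constructed.
from collections import Counter

MODEM_LIMIT = 80  # connection ceiling stated in the thread

SAMPLE_LOG = """\
1262304010.500   9500 192.168.12.20 TCP_MISS/200 48211 GET http://example.com/a - DIRECT/192.0.2.10 text/html
1262304008.000   6000 192.168.12.20 TCP_MISS/200 9120 GET http://example.com/b - DIRECT/192.0.2.10 image/png
1262304009.000   5000 192.168.12.31 TCP_MISS/200 733 GET http://example.org/c - DIRECT/192.0.2.44 text/css
1262304005.000      2 192.168.12.31 TCP_HIT/200 1033 GET http://example.com/logo.png - NONE/- image/png
1262304012.000   1000 192.168.12.31 TCP_MISS/304 211 GET http://example.org/d - DIRECT/192.0.2.44 -
truncated line without enough fields
"""

def parse_line(line):
    """Return (start, end, client, went_upstream), or None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        end, elapsed_ms = float(f[0]), int(f[1])
    except ValueError:
        return None
    # Squid logs at completion, so start = completion time - elapsed.
    # A hierarchy code of NONE means the cache answered; the modem was unused.
    return end - elapsed_ms / 1000.0, end, f[2], not f[8].startswith("NONE")

def peak_concurrency(log_text):
    """Sweep start/end events; return (peak, per-client counts at the peak)."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3]:
            events.append((rec[0], 1, rec[2]))
            events.append((rec[1], -1, rec[2]))
    # At equal timestamps count starts before ends (conservative over-estimate).
    events.sort(key=lambda e: (e[0], -e[1]))
    active, peak, peak_clients = Counter(), 0, {}
    for _, delta, client in events:
        active[client] += delta
        total = sum(active.values())
        if total > peak:
            peak, peak_clients = total, {c: n for c, n in active.items() if n > 0}
    return peak, peak_clients

if __name__ == "__main__":
    peak, clients = peak_concurrency(SAMPLE_LOG)
    print(f"peak {peak}/{MODEM_LIMIT} upstream requests; holders: {clients}")
```
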

