Module Quotas
About the module
The Quotas module allows you to restrict user access based on their exceeding traffic quotas.
Capabilities
- Limiting user access to the Internet.
Using
The module has three quota statuses:
| № p / p | Status Value | Status Description |
|---|---|---|
| 1 | 0 | No quota exceeded. The string is colored white. |
| 2 | 1 | Daily quota exceeded. The string is colored yellow. |
In order to start using the module, go to the "Manager modules", find Quotas and click on the "Install" link.
Adding a quota
After installation, go to the module by clicking on its name. To add a new quota you need to click the "Add quota" link.
Required Fields:
| № p / p | Field | Description |
|---|---|---|
| 1 | Daily Quota (MB) | The quota that will be provided to the user daily. Let's say the daily quota is 100 megabytes. If the user today spent 100 megabytes, then access to him will be limited. However, the next day, he will again be given 100 megabytes automatically. To provide an unlimited quota, you must set the value to -1. |
| 2 | Active | Enabling quota. If the flag is set, then the quota will be processed by the script. If the flag is unchecked, the status "No quota exceeded" is forcibly set (0). |
| 3 | Exclude used aliases | If the flag is set, then those that are already assigned a quota are excluded from the list of aliases available for selection. If the flag is not set, all aliases are displayed. |
| 4 | Value | The alias to which the quota will be applied. |
Having set all the parameters, click the "Add" button and the quota will be added to the list.
Editing a quota
To edit the quota, go to the Quotas module and click on the alias name.
In the form that opens, the same fields will be available as when adding and additionally one more field.
| № p / p | Field | Description |
|---|---|---|
| 1 | Cur. daily quota (MB) | This field defaults to the daily quota. Let's say the daily quota is 100 megabytes. Therefore, the current daily quota is also equal to 100 megabytes. If the user has exceeded the daily quota, then access will be limited to him. However, you can increase its limit "for today." To do this, set the "Cur. daily quota" field to the desired value, for example 150 megabytes. This means that the user will have access to an additional 50 megabytes for that day. The next day, the current daily quota will again become equal to the daily quota - 100 megabytes. To provide an unlimited quota for today, you must set the value to -1. |
Delete quota
To delete a quota, click on the DELETE link in the last column of the required quota. Or go into edit mode and there click the delete button.
Access limitation
To implement access restrictions, several perl scripts are placed in the module directory
| № p / p | File name | Description |
|---|---|---|
| 1 | quotaupdate.pl | Script for updating quota status. You need to put it in cron. It makes sense to run it after running fetch.pl. |
| 2 | quotablock.pl | Helper to limit user access to quota exceeded. |
| 3 | quotaspeed.pl | Helper to limit user access speed over quota. |
You can use both both helpers or one at a time.
In order for the helper to work, you need to add it to squid.conf.
For all the scripts listed above, as in other Screen Squid perl scripts, you need to configure a database connection.
An additional parameter "typeid", only for helpers, must be set according to how you bound the aliases.
- If aliases are tied to the login, then you need to set the value to 0 (default).
- If aliases are tied to an IP address, then you need to set the value to 1
Next, you need to make changes to squid.conf.
If you use a speed limit helper (quotaspeed.pl)
| № p / p | Value typeid | Instructions for squid.conf |
|---|---|---|
| 1 | 0 | #acl section external_acl_type e_speed ttl = 10 negative_ttl = 10% LOGIN /var/www/html/freetime/modules/Quotas/quotaspeed.pl acl a_speed external e_speed |
| 2 | 1 | #acl section external_acl_type e_speed ttl = 10 negative_ttl = 10% SRC /var/www/html/freetime/modules/Quotas/quotaspeed.pl acl a_speed external e_speed |
Regardless of the typeid value, add the rules:
#http rules section http_access allow a_speed #delay pools section delay_pools 2 delay_class 1 5 delay_class 2 5 #acl some_group external -m=' ' tag slowspeed #slowspeed and fastspeed this is a signal words to squid acl slowclient note tag slowspeed acl fastclient note tag1 fastspeed # Fast clients in a first pool. delay_access 1 allow fastclient delay_access 1 deny all # Slow clients in a second pool delay_access 2 allow slowclient delay_access 2 deny all #Limit speed to delay pools #First unlimited delay_parameters 1 -1/16000 #Second set 64 kbit/s delay_parameters 2 8000/8000
If you use the access restriction helper (quotablock.pl)
| № p / p | Value typeid | Instructions for squid.conf |
|---|---|---|
| 1 | 0 | #acl section external_acl_type e_block ttl = 10 negative_ttl = 10% LOGIN /path/to/script/quotablock.pl acl a_block external e_block |
| 2 | 1 | #acl section external_acl_type e_block ttl = 10 negative_ttl = 10% SRC /path/to/script/quotablock.pl acl a_block external e_block |
Remember to specify the correct / path / to / script.
For both typeid values, add a rule:
#http rules section http_access allow a_block
Reboot Squid.
In order to stop using Quotas, you need to go to the "Manager modules" and click on the "Uninstall" link for the Quotas module.
Important notice:
After enabling access restrictions, by default, access is denied. This means if the alias is not in the list of quotas, then access to it will be denied.
Ideas, bugs, questions?
Feel free to contact us http://t.me/screensquid