Jud said:
I use ICS to share my Direcway connection with 3 other
computers on my small local LAN, which uses a switch. Is
there a way (editing the registry or otherwise) to limit
the network bandwidth used by each computer (e.g., by the
NIC MAC address, etc.)? My daughter tends to download
megabytes, which causes Direcway to impose their "Fair
Access Policy" on us and slow everyone down. I'd like to
limit her to, say, 100kbps download. Thanks!
This would require some techy expertise. There is a web proxy server
that has been ported to Windows XP called Squid. It has been tested
for Win XP Pro (which incidentally can have Simple Fire Sharing disabled)
but not tested for Win XP Home (it might work).
Squid for Windows
http://www.serassio.it/SquidNT/index.htm
a.. Squid 2.1 PATCH 3 for Windows NT 4.0
b.. Squid 2.3 STABLE 5 for Windows NT 4.0 & Windows 2000
c.. Squid 2.5 STABLE 3 for Windows NT 4.0 & Windows 2000/XP/2003
d.. Cygwin-svc Squid for Windows
e.. Squid Downloads - Some sources available ONLY from
devel.squid-cache.org
f.. Official Squid WEB Site - PLEASE VISIT BEFORE ASKING ANYTHING !!!
I think this is capable of filtering downloads by size or type such as .mpeg
maybe both; I think it would require some expertise and some resources,
though they are all free, they take time to configure.
http://www.squid-cache.org/Doc/FAQ/FAQ-4.html
4.21 Can I prevent users from downloading large files?
You can set the global reply_body_max_size parameter. This option controls
the largest HTTP message body that will be sent to a cache client for one
request.
If the HTTP response coming from the server has a Content-length header,
then Squid compares the content-length value to the reply_body_max_size
value. If the content-length is larger, the server connection is closed and
the user receives an error message from Squid.
Some responses don't have Content-length headers. In this case, Squid counts
how many bytes are written to the client. Once the limit is reached, the
client's connection is simply closed.
Note that ``creative'' user-agents will still be able to download really
large files through the cache using HTTP/1.1 range requests.
SH: This may be beyond your daughter's present talent. Anyway this gives
you an idea of what utility to look for, a web proxy server for Windows.
7.8 How can I make Squid NOT cache some servers or URLs?
In Squid-2, you use the no_cache option to specify uncachable requests. For
example, this makes all responses from origin servers in the 10.0.1.0/24
network uncachable:
acl Local dst 10.0.1.0/24
no_cache deny Local
This example makes all URL's with '.html' uncachable:
acl HTML url_regex .html$
no_cache deny HTML
This example makes a specific URL uncachable:
acl XYZZY url_regex ^
http://www.i.suck.com/foo.html$
no_cache deny XYZZY
This example caches nothing between the hours of 8AM to 11AM:
acl Morning time 08:00-11:00
no_cache deny Morning
In Squid-1.1, whether or not an object gets cached is controlled by the
cache_stoplist, and cache_stoplist_pattern options. So, you may add:
cache_stoplist my.domain.com
Specifying uncachable objects by IP address is harder. The 1.1 patch page
includes a patch called no-cache-local.patch which changes the behaviour of
the local_ip and local_domain so that matching requests are NOT CACHED, in
addition to being fetched directly.
Section 10. Access Controls
Access Lists
There are a number of different access lists:
a.. http_access: Allows HTTP clients (browsers) to access the HTTP port.
This is the primary access control list.
b.. icp_access: Allows neighbor caches to query your cache with ICP.
c.. miss_access: Allows certain clients to forward cache misses through
your cache.
d.. no_cache: Defines responses that should not be cached.
e.. redirector_access: Controls which requests are sent through the
redirector pool.
f.. ident_lookup_access: Controls which requests need an Ident lookup.
g.. always_direct: Controls which requests should always be forwarded
directly to origin servers.
h.. never_direct: Controls which requests should never be forwarded
directly to origin servers.
i.. snmp_access: Controls SNMP client access to the cache.
j.. broken_posts: Defines requests for which squid appends an extra CRLF
after POST message bodies as required by some broken origin servers.
k..
l.. cache_peer_access: Controls which requests can be forwarded to a given
neighbor (peer).
Notes:
An access list rule consists of an allow or deny keyword, followed by a list
of ACL element names.
An access list consists of one or more access list rules.
Access list rules are checked in the order they are written. List searching
terminates as soon as one of the rules is a match.
If a rule has multiple ACL elements, it uses AND logic. In other words, all
ACL elements of the rule must be a match in order for the rule to be a
match. This means that it is possible to write a rule that can never be
matched. For example, a port number can never be equal to both 80 AND 8000
at the same time.
SH: I found an example of this squid.conf file remarks on Google:
# TAG: reply_body_max_size (KB)
# This option specifies the maximum size of a reply body. It
# can be used to prevent users from downloading very large files,
# such as MP3's and movies. The reply size is checked twice.
# First when we get the reply headers, we check the
# content-length value. If the content length value exists and
# is larger than this parameter, the request is denied and the
# user receives an error message that says "the request or reply
# is too large." If there is no content-length, and the reply
# size exceeds this limit, the client's connection is just closed
# and they will receive a partial reply.
#
If you want to stop, or restrict that type of usage (mp3, mpeg, etc.)
use ACLs to block them, or delay pools to reduce the bandwidth each
client can use.
http://www.tldp.org/HOWTO/Bandwidth-Limiting-HOWTO/install.html
#####DELAY POOLS
#This is the most important part for shaping incoming traffic with Squid
#For detailed description see squid.conf file or docs at
http://www.squid-cache.org
#We don't want to limit downloads on our local network.
acl magic_words1 url_regex -i 192.168
#We want to limit downloads of these type of files
#Put this all in one line
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar
..avi .mpeg .mpe .mpg .qt
..ram .rm .iso .raw .wav .mov
#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth
The Best things in life are free,
Stephen
