[ previous ] [ next ] [ threads ]
 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] How to Restrict Bandwidth on HTTP download
 Date:  Sun, 16 Jan 2005 18:01:48 -0000
> Is there any way, we can apply bandwidth restriction to HTTP 
> DOWNLOAD without restricting the General Browsing ( eg. 
> google, hotmail, yahoomail, etc, )?.

I think the only way you'd be able to do this is by using a proxy for web
browsing. I do something similar to what you're trying to do using squid on
a separate machine. Squid has a wonderfully well-commented .conf file so
configuring it isn't particularly difficult. You've got 2 options here:

1) Configure squid to prevent a user getting more than x bytes downloaded
per connection. Then, configure your users' browsers to use squid for web
browsing and tell 'em to use something else for downloads. I use getright,
but there are plenty of other download tools out there. You should be able
to write an autoconfiguration script that'll automatically bypass the proxy
for common download file types (zip, exe, rar, etc.)

2) Configure a squid acl to reject any http requests for download file types
and present the user with an error page telling them they need to bypass the
proxy to download files of this type. (note, if you've got the autoconfig
script set up properly the user will rarely if ever see this page, since the
autoconfig will have already told the browser to bypass the proxy for that

Whichever approach you take, you now need to tell m0n0wall what's going on.
Personally I just prioritize all traffic from the Squid machine above the
rest of the network, but if you *only* expect your users to be doing web
browsing, you could class anything else as really low priority.

I'll be the first to admit it's an inelegant solution, but it does work
reasonably well.


C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715   Mobile: (07811) 332969   ICQ: 13350579
AIM: MinotaurUK   MSN: minotauruk at hotmail dot com   Y!: Minotaur_Chris
This email is made from 100% recycled electrons