How To Configure Granular Bandwidth Management Rules In SafeSquid Proxy Server

Administrators can use SafeSquid to granularly distribute bandwidth across the network, depending on user, group, website being visited, mime or file type being accessed, and time / date range. This is achieved by defining the desired situation, by creating a profile under the Profiles section, and then allocating a specific bandwidth (QoS) to that profile.

For example, suppose this is what we would like to achieve:

1. Morning 1000 hrs to 1100 hrs is the busiest time on the net for the Finance Department, and we have to ensure that their bandwidth is not choked during this time. To achieve this, we would like to reduce the speed at which all other users are allowed to surf during this time, so that the bandwidth can reserved for the Finance Department.
2. The log reports show that a lot of bandwidth is being consumend by users on personal email sites. We do not want to block these sites, but would like to reduce the speed at which these sites are made available.
3. We would also like to reduce the speed at which audio and video files can be downloaded.

We will now define the above three situations under Profiles section in the SafeSquid Interface.

Example 1:

Open the SafeSquid Interface in the browser and go to Config => Profiles => Submit.
Click on Add to add a rule to define the first situation, and create a rule like this:

The first rule applies the profile speed-limit to all requests, including the requests from Finance Department. Now, we would like to apply this profile to every one, except the members of Finance Department. So in the second rule, we remove the profile speed-limit from requests made by Finance Department (note that speed-limit has been mentioned under Added profiles in the first rule, and under Removed profile in the second rule). This ensures that the profile gets applied to everyone, except Finance Department.

Note: The same can also be achieved in a single rule, by specifying a comma separated list of all user profiles, except Finance in the first rule (Accounts,IT,HRD), but there are chances of over looking this rule, if in future we need to create additional user profiles.

Now, from the Config drop-down menu, select Limits and click on Submit. This is where we can define the speed that is to be allocated to speed-limit profile. Ensure that the section is enabled (Enabled = Yes). Click on Add under the Limit sub-section, and create the following rule:

This rule will limit the rate of all requests with profile speed-limit, which as we know, will be applied to everyone except Finance Department, to 10 KBPS. We can confim this by checking the SafeSquid logs => Top Menu => View log entries. You will find entries similat to this -

2008 04 29 10:13:47 [329] limits: transfer download rate: 10240

Check the rate at which users except Finance Depatment are able to access the net.

Example 2:

The log reports show that a lot of bandwidth is being consumend by users on personal email sites. We do not want to block these sites, but would like to reduce the speed at which these sites are made available.

To achieve this, we first need to define the personal email sites. Go to Config => Profiles => Add, and add the following rule:

We can define as many sites as we want, in the Host field, separated with a pipe. 
This field supports regular expresions, so we can also use regex like -

.*mail.* - match all urls which have the word 'mail'

mail\.yahoo\..* - this will match mail.yahoo.com, mail.yahoo.co.in, mail.yahoo.co.uk, i.e. anything followed by mail.yahoo.

Now that we have created the profile for email-sites, we will go to Config => Limits => Submit, and create the following rule:

This rule will limit the rate of all requests with profile email-sites, which will be applied to the sites specified under Host in the first rule, to 5 KBPS. We can confim this by checking the SafeSquid logs => Top Menu => View log entries.

Example 3:

We would also like to reduce the speed at which audio and video files can be downloaded.

To achieve this, go to Config => Profiles => Add, and create the following rule:

This rule will add the profile audio-video to all requests that fetch files with mime type audio and video.

Next, go to Config => Limits => Add, and add the following rule:

This will limit the rate at which audio and video files are fetched to 5 KBPS.

Note: This rule will apply to all websites. So, if you would like to exclude sites from which you would want to allow audio and video files without limiting the rate, just create a rule under profiles and remove the profile audio-video from those sites:

This concludes the three examples. These examples will give you an idea of how you can use Profiles, in combination with other filtering sections, to granularly distribute a controlled Internet access. You can also use Limits section to allocate upload / download quotas.
For  details, see - http://www.safesquid.com/html/portal.php?page=43

Also see:
'Deploying A Content Filtering Proxy Server To Distribute Controlled Internet Access With SafeSquid'
Set Up Gateway Level Virus Security With ClamAV And SafeSquid Proxy
How To Set Up Internet Access Control And Internet Filtering With SafeSquid Proxy Server
How To Control Access To Unwanted Websites Using URL Blacklist With SafeSquid Proxy Server

This page is licensed under a Creative Commons License.