Throttle down traffic with HFSC after x seconds
-
I'm searching for a practical method to prevent or limit HTTP/HTTPS cloud uploads from hammering browser requests. Currently using Cbq on Wan and Prio on Lan.
I'm finding that shaping various traffic using these two ports is not practical from a destination ip/port method. Question #1, would the use of HFSC shaping that throttles back to lower throughput after a number of seconds be a better solution? Question #2, does it throttle back each connection or all traffic into a particular queue? If all traffic into queue I don't think this is going to help me segregate cloud traffic (non-bursty) from browser traffic (bursty) as both would be throttled back on equal basis.
Re: http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained
Thanks.
-
I since answered question #1, that FreeBsd does not provide the ability to modify an active connection to a different shape bucket like Linux can. That's how I use to deal with heavy port 80 uploads but apparently isn't an option with PfSense. So I thought I should explore how HFSC handles throttling.
Nobody has an answer for question #2?
-
The firewall is not connection-aware, it just filters packets.
Squid works for HTTP traffic only, but it is connection-aware. I vaguely remember that Squid has some limiting/throttling options, but I have no idea if that would useful for you.