The Quota time object

This entry was posted in Access Control lists on by

The quota time object allows you to define a quota time with budget per user/ip address/MAC address in your ACLs.
This feature is available on 2.19.082502 or above

To enable the feature, you need to use 2 steps:

  1. Create the quota time engine based on the identifier
  2. Create the quota rule in ACls

Create the Quota time engine.

  • On the Proxy section, choose Quota objects link

25-08-2015 10-19-10

  • On the table, click on New Quota object
  • Give your Quota object name.
  • Select the identifier used to count the time quota:
    You can use an IP Address, MAC Address, User name if connected to LDAP or Active Directory and Statistics Virtual Groups
  • Define the pause Period: Pause period is given in seconds and defines
    the period between two requests to be treated as part of the same session.
    Pauses shorter than this value will be counted against the quota, longer ones ignored.
    Default is 300 seconds (5 minutes ).
  • Define the Proxy service TTL: Proxy service TTL in seconds for cached results. The proxy will not query the object for the same request in the TTL period.

25-08-2015 10-27-41

  • Your Quota object is now added.

25-08-2015 10-32-07Use the Quota object in ACLs

  • Choose Complete ACLs on the proxy section.
Complete Acls Link

Your proxy: Complete acl

  • In our example, we want to deny for a specific user if a quota exceed 4 hours per day.
  • In the rule, we use the deny access action.

25-08-2015 10-34-14

  • On the Rule Items click on “New Proxy object
  • In the drop-down list, choose your Added Quota time object

25-08-2015 10-37-26

  • In the object, create item with the users you want to limit

Every entry must start with a user/ip/MAC (debends of the Quota object type ) followed by a time budget and a corresponding time period separated by a slash /.

Here is an example:
john 8h / 1d
melissa 24h / 1w
192.168.1.1 1h / 1d
00:0c:29:4d:89:ad 30m / 1w
You can use s for seconds, m for minutes, h for hours, d for days and w for weeks.
Numerical values can be given as integer values or with a fraction. E.g. 0.5h means 30 minutes.

25-08-2015 10-41-10

In our example, we set a budget of 4H per day for dtouzeau user

  • Note about Active Directory Groups ( v2.21x or above ).
    If you want to use an Active Directory group, add the prefix AD: in the pattern field.
    This is not a dynamic object, Artica will just find all users of the Active Directory group during the compilation parameters and auto-create the same rule for all users inside the group.
    If you add a new user into your Active Directory group you have to re-compile again proxy parameters.

12-09-2015 10-32-37

Notice: If Quota is not exceed then the object result is TRUE, If you using a deny rule with this object, use the reverse checkbox.

25-08-2015 10-44-34

Leave a comment