The Quota/Bandwidth object

Quota size object ( available in 3.x Artica version ) is a proxy extension that calculate the downloaded size per user, IP, website, categories.
Calculated size is each 10mn, hour, day, month.
This object can be used in ACLs in order to block access or limit the bandwidth dynamically.
It’s feature enabled with an active Enterprise License.

Enable the Quota/bandwidth object service

On Your proxy, click on Quota/Bandwidth grey link


Click on the button “Install this feature


  • After the installation, you will see 2 services running.
    • Size Quotas checker: It is the service that calculate the used bandwidth in real-time.
    • Bandwidth volume clients: The proxy plugin that able to answer to proxy which bandwidth a Website or an user or a category have used during a period.
  • The cache time defines the retention time for a quota result.
    For example if the plugin return 2GB for, it will keep this result in memory during 1 minute


 Use the Quota/bandwidth object.

The quota/bandwidth object is designed to be used in “advanced ACLs”, it is a kind of group that return True or False according rules inside a group.

ACLs allows you to create rules to Allow, deny, set a bandwidth limitation according multiple groups

To make it simple, we want to “Deny” users if they reach 100Mo of downloads during 1 Hour.

  • We create a first rule that “Deny” access.
  • Go into groups section of this rule.


  • Click on New proxy object
  • Give the name of the Group.
  • Choose “Quota Size” in the drop-down list.
  • Click on Add button


  • Click on the link of this new group.
  • On the Check Volume by, select how the module will calculate the bandwidth ( could be by user  – means IP or MAC or uid – or By Website or by user and website.
  • On the Check Volume each: define the period of the volume calculation each – Hour in our case.
  • Click on Apply button.


This rule means “Deny access to all requests if the user have reached more than 100Mo of downloads during the current hour”

But i did not want to Deny! i need to limit the bandwidth.

This is the same approach, you have to create a bandwidth limitation object and define a rule that limit bandwidth instead deny access.

Leave a comment