Rate-limiting with Shorewall
Open web proxies can incur heavy traffic. By default, SwiperProxy will use all bandwidth available to it. However, you may want to restrict the bandwidth usage to leave some for other services, or to stay within bandwidth quotas.
This document assumes that you are already moderately familiar with Shorewall and have a basic functional service set up. If not, see the Shorewall website. We will also assume IPv4-only. The same practices used here also mostly apply to shorewall6.
These lines in their respective configuration files will rate limit the proxy usage. They are meant as examples, and you should tweak and configure as desired.
    #ACTION  SOURCE  DEST  PROTO  DEST  SOURCE  ORIGINAL  RATE                 USER/  MARK  CONNLIMIT  TIME  HEADERS  SWITCH
    SECTION NEW
    ACCEPT   net     fw    tcp    80    -       -         s:apache2:10/min:15
    ACCEPT   net     fw    tcp    443   -       -         s:apache2:10/min:15

    # DEVICE  MARK  RATE   CEIL    PRIORITY  OPTIONS
    eth0      2     1mbit  10mbit  2         tcp-ack,tos-minimize-delay
    eth0      3     2mbit  10mbit  3         default
    eth0      4     1mbit  1mbit   4         flow=dst
    eth0      5     1mbit  5mbit   5         flow=dst

    # INTERFACE  IN-BANDWIDTH  OUT-BANDWIDTH
    eth0         90mbit        90mbit

    # ACTION  SOURCE  DEST  PROTO  DPORT  SPORT   USER         TEST  LENGTH  TOS  CONNBYTES
    4         fw      -     tcp    -      80,443
    4         fw      -     -      -      -       www-data
    5         fw      -     tcp    -      80,443
    5         fw      -     -      -      -       swiperproxy
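
What the RATE value s:apache2:10/min:15 in the ACCEPT rules above means in practice, as an added example that is not part of the original page: a Python model of a per-source-address token bucket (10 new connections per minute, burst of 15). The function and class names and the sample traffic are constructed for illustration, and the model assumes the limit behaves as a standard token bucket that starts full.

```python
import re
from collections import defaultdict

UNIT_MS = {"sec": 1_000, "min": 60_000, "hour": 3_600_000, "day": 86_400_000}

def parse_rate(spec):
    """Parse a RATE column value of the form {s|d}:name:rate/unit[:burst]."""
    m = re.fullmatch(r"([sd]):(\w+):(\d+)/(sec|min|hour|day)(?::(\d+))?", spec)
    if not m:
        raise ValueError(f"unsupported RATE value: {spec!r}")
    mode, name, rate, unit, burst = m.groups()
    if int(rate) == 0:
        raise ValueError("rate must be non-zero")
    return {
        "per": "source" if mode == "s" else "destination",
        "name": name,
        "cost_ms": UNIT_MS[unit] // int(rate),   # credit one connection costs
        "burst": int(burst) if burst else 5,      # iptables default burst
    }

class PerAddressLimiter:
    """Integer token bucket per address; credit is measured in milliseconds."""
    def __init__(self, limit):
        self.cost = limit["cost_ms"]
        self.cap = limit["burst"] * self.cost
        self.state = {}                           # address -> (credit, last_ms)

    def allow(self, addr, now_ms):
        credit, last = self.state.get(addr, (self.cap, now_ms))
        credit = min(self.cap, credit + (now_ms - last))
        ok = credit >= self.cost
        self.state[addr] = (credit - self.cost if ok else credit, now_ms)
        return ok

def simulate(spec, events):
    """Count accepted new connections per source for (time_ms, source) events."""
    limiter = PerAddressLimiter(parse_rate(spec))
    accepted = defaultdict(int)
    for now_ms, src in sorted(events):
        accepted[src] += limiter.allow(src, now_ms)
    return dict(accepted)

# Constructed sample (RFC 5737 documentation addresses): one client opens two
# connections per second for 60 s, another opens one every 10 s.
SAMPLE = ([(t * 500, "198.51.100.7") for t in range(120)]
          + [(t * 10_000, "203.0.113.9") for t in range(6)])

if __name__ == "__main__":
    print(simulate("s:apache2:10/min:15", SAMPLE))
```

On the sample traffic the busy client has 24 of its 120 connection attempts accepted (the burst, then one every six seconds), while the slow client is never limited.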