Re: [squid-users] Commercial Squid tweak speeds things up significantly!
Le 25 novembre 2011 16:21, - Mikael - a écrit : > Our school dept wants to buy a commercial proxy (Squid based) which > seems to work a whole lot faster than the standard installation (of > Squid). The performance difference between the two Squid's seems to be > in how commercial Squid implementation is handling a missed object. > > From what I understand their Squid implementation caches the content > in a normal way, but once a client gets a cache miss, then their Squid > allows the client to fetch the record -- apparently Squid doesn't do > it for the client which seems to make the big performance difference. > Once the object is fetched by the client, Squid intercepts it and > stores the object for the other clients. I tested this and that > implementation really, really speeds things up. Now I hate to admit > this but this commercial product is subscription based and that's the > money which I would rather spend on students and teachers, school > supplies for them etc. > > Is it possible to configure Squid that way by modifying config file, > or this is more involved than just editing config file? > > Thanks! > "Once the object is fetched by the client, Squid intercepts it and stores the object for the other clients." That sounds like heap LRU policy, it is not fear to compare a squid out of the box with a solution that has a tunning in parameters. Pesonally, i've develop an algorithm to save you 30% of bandwith with some tunnings based on statistical measures. So it is easy, you dont have to waste money. LD http://www.twitter.com/ldlq
Re: [squid-users] trouble using include
On 26/11/2011 4:33 a.m., yvan vander sanden wrote: Hi. I have trouble using the include directive in /etc/squid3/squid.conf. I am using the latest source, compiled yesterday. So it's version 3.1.16 I'm using it this way: include /var/www/html/squid/filterlist.conf Now I am quite sure that the file gets read, because if I put 'blabla' on a line in filterlist.conf I get an error about it when I reload. But a real command in there don't get added. I have acl's for groups of computers like this: acl CO114 192.168.114.0/24 now If i write the next command directly in squid.conf: http_access deny CO114 all is ok. But when i put that in the includefile (located just below) it won't work. (So the subnet still has web access). Since the http_access i used to test and the include directive are just below each other, it can't be because of another allow directive someplace else. And it can't be because of access rights on the included file because i do get a message if an unknown command is in there. So I'd like to get some help, if someone here knows more of using this include directive. Or perhaps, is there an easy way to see what happens? I've tried putting debug on an going through the logs, but the information is massive that way and i don't really know where to look. To see what happens with include you can run "squid -X -k parse 2>&1 | grep Processing". That is the squid.conf content and order which Squid is loading directives. After that parse process there is no difference between include and non-include config handling. Amos
Re: [squid-users] Commercial Squid tweak speeds things up significantly!
On 26/11/2011 11:21 a.m., - Mikael - wrote: Our school dept wants to buy a commercial proxy (Squid based) which seems to work a whole lot faster than the standard installation (of Squid). The performance difference between the two Squid's seems to be in how commercial Squid implementation is handling a missed object. From what I understand their Squid implementation caches the content in a normal way, but once a client gets a cache miss, then their Squid allows the client to fetch the record -- apparently Squid doesn't do it for the client which seems to make the big performance difference. Once the object is fetched by the client, Squid intercepts it and stores the object for the other clients. I tested this and that implementation really, really speeds things up. Could you name this product and point at some documentation it has about this process? Is it possible to configure Squid that way by modifying config file, or this is more involved than just editing config file? Thanks!
[squid-users] Commercial Squid tweak speeds things up significantly!
Our school dept wants to buy a commercial proxy (Squid based) which seems to work a whole lot faster than the standard installation (of Squid). The performance difference between the two Squid's seems to be in how commercial Squid implementation is handling a missed object. >From what I understand their Squid implementation caches the content in a normal way, but once a client gets a cache miss, then their Squid allows the client to fetch the record -- apparently Squid doesn't do it for the client which seems to make the big performance difference. Once the object is fetched by the client, Squid intercepts it and stores the object for the other clients. I tested this and that implementation really, really speeds things up. Now I hate to admit this but this commercial product is subscription based and that's the money which I would rather spend on students and teachers, school supplies for them etc. Is it possible to configure Squid that way by modifying config file, or this is more involved than just editing config file? Thanks!
[squid-users] trouble using include
Hi. I have trouble using the include directive in /etc/squid3/squid.conf. I am using the latest source, compiled yesterday. So it's version 3.1.16 I'm using it this way: include /var/www/html/squid/filterlist.conf Now I am quite sure that the file gets read, because if I put 'blabla' on a line in filterlist.conf I get an error about it when I reload. But a real command in there don't get added. I have acl's for groups of computers like this: acl CO114 192.168.114.0/24 now If i write the next command directly in squid.conf: http_access deny CO114 all is ok. But when i put that in the includefile (located just below) it won't work. (So the subnet still has web access). Since the http_access i used to test and the include directive are just below each other, it can't be because of another allow directive someplace else. And it can't be because of access rights on the included file because i do get a message if an unknown command is in there. So I'd like to get some help, if someone here knows more of using this include directive. Or perhaps, is there an easy way to see what happens? I've tried putting debug on an going through the logs, but the information is massive that way and i don't really know where to look. Thanks, yvan vander sanden -- -- yvan vander sanden ict Instituut Sancta Maria - Aarschot -- -- yvan vander sanden ict Instituut Sancta Maria - Aarschot
[squid-users] Re: Squid 3.2 CONNECT not working with NTLM - logs
Or more accurate, what is happening is this: http://www.squid-cache.org/mail-archive/squid-users/201106/0095.html That's not solved on 3.2.0.13? Thanks for all! Alex -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/3-2-0-8-SSLBump-Dynamic-SSL-NTLM-browser-prompts-for-username-password-for-every-https-connection-tp3577638p4107573.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Squid 3.2 CONNECT not working with NTLM - logs
Hi Amos! Thanks for your answer! What's happening to me is exactly this: http://www.squid-cache.org/mail-archive/squid-users/201106/0088.html On squid 3.2.0.13... Thanks in advance! Alex -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/3-2-0-8-SSLBump-Dynamic-SSL-NTLM-browser-prompts-for-username-password-for-every-https-connection-tp3577638p4107548.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: Squid 3.2 CONNECT not working with NTLM - logs
On 26/11/2011 3:21 a.m., gutter wrote: Hi Alex! I'm stuck on the same situation. You've solved it? Part of the thread is missing but it sounds like this: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11284.patch also manifests in 3.2.0.8 as hung filedescriptors after HTTPS requests. Amos
[squid-users] Re: Squid 3.2 CONNECT not working with NTLM - logs
Hi Alex! I'm stuck on the same situation. You've solved it? Thanks in advance! Alex -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/3-2-0-8-SSLBump-Dynamic-SSL-NTLM-browser-prompts-for-username-password-for-every-https-connection-tp3577638p4107446.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: Problem with latest squid 3.2 snapshot
On 26/11/2011 1:53 a.m., alexatull wrote: Well, managed to get squid running in SMP mode Short answer was I'd copied stuff from by 3.1.16 production service and was explicitly specifying ip addresses and ports to listen on. So ... http_port 150.237.85.249:3128 http_port 150.237.84.13:3128 Resulted in no IP address being listened on when running in SMP mode but did if I fire up squid with -N arg. ( netstat -a showed squid listening on above IPv4 addresses) Strange. That should not matter any more for SMP workers, they share listening ports. setting http_port 3128 however caused squid to listen on an IPv6 address and everything fired up and I could run squid in SMP mode. I suspect that had more to do with the absence of a specific address than IPv6 specifically. Can you verify that please? [ What I actually ended up doing was 1). Remove kernel option that disabled IPv6 and rebooted machine 2). Rebuilt squid having removed --disable-ipv6 3). Changed cache effective user to locally created "squid" user instead of the default of nobody ( this made a big difference to things actually running) 4). Started from scratch with supplied squid sample config file ad stepped through things till it broke. Amos
Re: [squid-users] squid 3.2 failure
On 25/11/2011 11:52 p.m., alex sharaz wrote: Hi, seem to have some problems with squid 3.2.0.13 Alex 2011/11/25 10:39:29 kid6| WARNING: 1 swapin MD5 mismatches 2011/11/25 10:39:29 kid6| Could not parse headers from on disk object 2011/11/25 10:39:29 kid6| WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this: Thank you for the reminder. There is a proposed fix for this in the bug report at http://bugs.squid-cache.org/show_bug.cgi?id=1890 2011/11/25 10:39:29 kid6| StoreEntry->key: 6F433C6765CB325AC07C48CD383FFC4C 2011/11/25 10:39:29 kid6| StoreEntry->next: 0 2011/11/25 10:39:29 kid6| StoreEntry->mem_obj: 0x151f040 2011/11/25 10:39:29 kid6| StoreEntry->timestamp: -1 2011/11/25 10:39:29 kid6| StoreEntry->lastref: 1322217569 2011/11/25 10:39:29 kid6| StoreEntry->expires: -1 2011/11/25 10:39:29 kid6| StoreEntry->lastmod: -1 2011/11/25 10:39:29 kid6| StoreEntry->swap_file_sz: 0 2011/11/25 10:39:29 kid6| StoreEntry->refcount: 1 2011/11/25 10:39:29 kid6| StoreEntry->flags: CACHABLE,PRIVATE,FWD_HDR_WAIT,VALIDATED 2011/11/25 10:39:29 kid6| StoreEntry->swap_dirn: -1 2011/11/25 10:39:29 kid6| StoreEntry->swap_filen: -1 2011/11/25 10:39:29 kid6| StoreEntry->lock_count: 2 2011/11/25 10:39:29 kid6| StoreEntry->mem_status: 0 2011/11/25 10:39:29 kid6| StoreEntry->ping_status: 2 2011/11/25 10:39:29 kid6| StoreEntry->store_status: 1 2011/11/25 10:39:29 kid6| StoreEntry->swap_status: 0 2011/11/25 10:39:29 kid6| assertion failed: store.cc:1859: "isEmpty()" A separate bug and bigger problem. This reply is supposed to be empty, but somehow has bytes in it. Can you get a backtrace of the crash and followup in this bug report please: http://bugs.squid-cache.org/show_bug.cgi?id=3279 Amos
[squid-users] Re: Problem with latest squid 3.2 snapshot
Well, managed to get squid running in SMP mode Short answer was I'd copied stuff from by 3.1.16 production service and was explicitly specifying ip addresses and ports to listen on. So ... http_port 150.237.85.249:3128 http_port 150.237.84.13:3128 Resulted in no IP address being listened on when running in SMP mode but did if I fire up squid with -N arg. ( netstat -a showed squid listening on above IPv4 addresses) setting http_port 3128 however caused squid to listen on an IPv6 address and everything fired up and I could run squid in SMP mode. [ What I actually ended up doing was 1). Remove kernel option that disabled IPv6 and rebooted machine 2). Rebuilt squid having removed --disable-ipv6 3). Changed cache effective user to locally created "squid" user instead of the default of nobody ( this made a big difference to things actually running) 4). Started from scratch with supplied squid sample config file ad stepped through things till it broke. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Problem-with-latest-squid-3-2-snapshot-tp4104410p4107247.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] MemBuf issue in Squid 3.1.16 on Solaris
On 25/11/2011 8:53 p.m., Justin Lawler wrote: Hi, thanks Amos for this. Is there any site on this patch - giving a list of all changes going into this patch? And also the latest estimated due date? Thanks, Justin http://www.squid-cache.org/Versions/v3/3.1/changesets/ Since I wrote that last message there have been a bunch more 3.1 bugs fixed :). The amount of changes criteria are now nearly reached for a new release. I just got mailed about another Solaris bug about crashes on error page display. Looks easy to fix and will be enough to push out a new release when its done. Amos -Original Message- From: Amos Jeffries On 15/11/2011 7:30 p.m., Justin Lawler wrote: Thanks Amos, Just BTW - is there a scheduled date for 3.1.17 build currently? Probably mid or end of Dec. Amos This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp Hmm :( . A copyright disclaimer not added by me being attributed to my texts in violation of the CreativeCommons copyright on my mailing list submissions. Your email system needs a fix quite urgently. Fair cop adding it to your own emails, but attributing it to third-party creations without prior consent is a bit of a problem. Amos
Re: [squid-users] Squid URL / Network Free Access
On 25/11/2011 8:18 p.m., Edmonds Namasenda wrote: Dear Friends, I am using Squid 3.1 in transparent mode. How can I stop Squid from scanning and logging traffic to particular URLs or networks? Something like users can connect to the URLs or networks freely without Squid's interception. Squid is not doing any interception part itself. It is only the receiver of intercepted traffic. You have to add exceptions to the NAT rules which are doing the actual intercept / packet alterations. By the time the packets arrive at Squid it is too late to do any bypass. All you can do is allow them out immediately with "http_access allow" lines and/or block the record being logged using "log_access deny" lines. There is an official video access portal which seems to be eating up my logs space and then access to it is slowed, somehow. Unrelated, unless your disks are overflowing and cache file storage problems ensuing. Then that is probably something you want to look into separately. Amos
[squid-users] squid 3.2 failure
Hi, seem to have some problems with squid 3.2.0.13 Alex 2011/11/25 10:39:29 kid6| WARNING: 1 swapin MD5 mismatches 2011/11/25 10:39:29 kid6| Could not parse headers from on disk object 2011/11/25 10:39:29 kid6| WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this: 2011/11/25 10:39:29 kid6| StoreEntry->key: 6F433C6765CB325AC07C48CD383FFC4C 2011/11/25 10:39:29 kid6| StoreEntry->next: 0 2011/11/25 10:39:29 kid6| StoreEntry->mem_obj: 0x151f040 2011/11/25 10:39:29 kid6| StoreEntry->timestamp: -1 2011/11/25 10:39:29 kid6| StoreEntry->lastref: 1322217569 2011/11/25 10:39:29 kid6| StoreEntry->expires: -1 2011/11/25 10:39:29 kid6| StoreEntry->lastmod: -1 2011/11/25 10:39:29 kid6| StoreEntry->swap_file_sz: 0 2011/11/25 10:39:29 kid6| StoreEntry->refcount: 1 2011/11/25 10:39:29 kid6| StoreEntry->flags: CACHABLE,PRIVATE,FWD_HDR_WAIT,VALIDATED 2011/11/25 10:39:29 kid6| StoreEntry->swap_dirn: -1 2011/11/25 10:39:29 kid6| StoreEntry->swap_filen: -1 2011/11/25 10:39:29 kid6| StoreEntry->lock_count: 2 2011/11/25 10:39:29 kid6| StoreEntry->mem_status: 0 2011/11/25 10:39:29 kid6| StoreEntry->ping_status: 2 2011/11/25 10:39:29 kid6| StoreEntry->store_status: 1 2011/11/25 10:39:29 kid6| StoreEntry->swap_status: 0 2011/11/25 10:39:29 kid6| assertion failed: store.cc:1859: "isEmpty()" 2011/11/25 10:39:32 kid6| Starting Squid Cache version 3.2.0.13-2022-r11422 for x86_64-unknown-linux-gnu... 2011/11/25 10:39:32 kid6| Process ID 3059 2011/11/25 10:39:32 kid6| Process Roles: worker == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz