Re: [squid-users] cache dir size / cache mem
On 01.11 10:42, digitalfx wrote: please send new mail to list when opening new thread. for 150 users, which is the recommended/optimal size for /var/spool/squid 100 16 256 ?? cache_dir /var/spool/squid 100 16 256 is already a setting... the cache_dir size should be as big one week's HTTP traffic. the second level directory number probably should stay 256, the first depends on cache size, minimal and maximal file size. Im using 2HDs 120Gb each in raid 0 mode for /var have you read the FAQ? http://www.squid-cache.org/Doc/FAQ/FAQ-3.html#ss3.11 however, for 2x120GB spool and for objects 0B - 32 MB I'd use setting cache_dir 10 32 256 and use two caches, one on each drive. and cache_mem ?? try to look at: http://www.squid-cache.org/Doc/FAQ/FAQ-8.html you will find out how much memory will squid probably eat, substract that from memory your machine has and wee how many will remain for rest of the OS. I think you can use 8MB memory cache, however I use 300MB with maximom object size in memory set to 256KB -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer.
[squid-users] Blocking MSN messenger
Hi All I know, I know that this has been asked before, but I had to re-install my PC please give me the acl rules for blocking MSN messenger. Thanks Regards Gert Brits
[squid-users] Help squid_ldap_group W32
Hi all, I'm trying to working with squid into a windows 2K server, and I've users into a ldap three. My scope is to have two groups: internetOK has access to internet e internetNO hasn't. In my squid.conf I've: auth_param basic program /Squid/libexec/squid_ldap_auth.exe -u cn -b ou=utenti,dc=bdcnet,dc=it -D cn=superadmin,cn=users,dc=bdcnet,dc=it -w pass -d -v 3 -h 192.168.1.1:389 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off external_acl_type ldap_group %LOGIN /Squid/libexec/squid_ldap_group.exe -u CN -b OU=utenti,DC=bdcnet,DC=it -d -f ((CN=%u)(objectClass=person)((memberOf=cn=internetOKnavigare,OU=utenti,DC=bdcnet,DC=it))) -h 192.168.1.1:389 acl internetgroup external ldap_group internetOK acl NOinternet external ldap_group internetNO acl autenticati proxy_auth REQUIRED http_access deny autenticati NOinternet http_access allow autenticati internetgroup http_access deny all The basic authentication work for me good, but the authorization membership doesn't work. For the external_acl_type I try different ldap search strings, but none seems to work: for example: external_acl_type ldap_group squid_ldap_group.exe -u CN -b OU=utenti,DC=bdcnet,DC=it -d -D cn=superadmin,cn=users,dc=bdcnet,dc=it -w pass -f ((cn=%u)(|(memberOf=cn=internetOK,OU=utenti,DC=bdcnet,DC=it)(memberOf=cn=internetNO,OU=utenti,DC=bdcnet,DC=it))) -h 192.168.1.1:389 -D cn=superadmin,cn=users,dc=bdcnet,dc=it -w pass What are right parameters for -f option in squid_ldap_group? Thanks in advance, and Best Regards Samantha Raffaele - NUOVA WEBMAIL DI INTERFREE! Da oggi Interfree offre a tutti i suoi utenti un nuovissimo servizio di WebMail tra i più evoluti e una qualità professionale che si rinnova di continuo: - Controllo antivirus - Filtro antispamming - Configurazione di account esterni - Accesso gratuito a InterDrive dove salvare e organizzare i tuoi file da qualsiasi computer e in qualsiasi momento ... Iscriviti gratuitamente all'indirizzo http://www.interfree.it e prova il nuovo servizio! Lo Staff di Interfree -
[squid-users] i want more memory for squid?
Hello all, I have a dell server with 1Gb RAM and its running squid2.4STABLE6 on RedhatAS2.1 I am expecting that squid would be using atleast 300Mb of the RAM, but suprisingly cache manager reports that its only 52Mb. Is there any way i can increase this value? Pasted bellow is memory info from cahche manager and process report using the top command. Memory usage for squid via mallinfo(): Total space in arena: 51009 KB Ordinary blocks:50675 KB 2113 blks Small blocks: 0 KB 0 blks Holding blocks: 176 KB 1 blks Free Small blocks: 0 KB Free Ordinary blocks: 333 KB Total in use: 50851 KB 100% Total free: 333 KB 1% top command: PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 10866 squid 16 0 53792 52M 1340 S16.3 5.2 43:22 squid 881 root 15 0 1180 1180 448 S 0.5 0.1 3:25 klogd 149 root 15 0 00 0 SW0.3 0.0 3:17 kjournald 876 root 16 0 588 588 488 S 0.1 0.0 6:13 syslogd 28303 root 15 0 1076 1076 832 R 0.1 0.1 0:00 top 1 root 15 0 512 512 444 S 0.0 0.0 0:04 init __ Do you Yahoo!? Check out the new Yahoo! Front Page. www.yahoo.com
[squid-users] RE: i want more memory for squid?
Hello all, I have a dell server with 1Gb RAM and its running squid2.4STABLE6 on RedhatAS2.1 I am expecting that squid would be using atleast 300Mb of the RAM, but suprisingly cache manager reports that its only 52Mb. Is there any way i can increase this value? Pasted bellow is memory info from cahche manager and process report using the top command. You have a 'lucky vision' ; most people want the reverse :-) : 1) Squid's mem usage depends on the size of the configured cache dir(s). Check the FAQ for more info. 2) You could increase 'cache_mem' ; however read the comments in squid.conf.default about the meaning and implications of this parameter. M.
RE: [squid-users] Blocking MSN messenger
You really should print this out and wallpaper your fridge with it:) A very quick search, on your name, gave this as the 3rd link down: http://www.squid-cache.org/mail-archive/squid-users/200407/0580.html Notice who it is to:) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [squid-users] Block MSN Aww c'mon, searching the archives isn't that hard! A search for block MSN 2004 using the search box on ttp://www.squid-cache.org/ provides http://www.squid-cache.org/mail-archive/squid-users/200407/0051.html as hit number 2 Regards, Rob Hadfield Quoting Gert Brits [EMAIL PROTECTED]: Hi all I know this has been asked not long ago, but I lost my mail, and have so much to do How can I block MSN messenger traffic in squid ? Regards Gert Brits -Original Message- From: Gert Brits [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 7:19 AM To: [EMAIL PROTECTED] Org Subject: [squid-users] Blocking MSN messenger Hi All I know, I know that this has been asked before, but I had to re-install my PC please give me the acl rules for blocking MSN messenger. Thanks Regards Gert Brits
RE: [squid-users] Blocking MSN messenger
Got it thanks Has the http_access rule at wrong place. Regards Gert Brits Senior Engineer -Original Message- From: Chris Perreault [mailto:[EMAIL PROTECTED] Sent: 02 November 2004 02:41 PM To: Gert Brits; [EMAIL PROTECTED] Org Subject: RE: [squid-users] Blocking MSN messenger You really should print this out and wallpaper your fridge with it:) A very quick search, on your name, gave this as the 3rd link down: http://www.squid-cache.org/mail-archive/squid-users/200407/0580.html Notice who it is to:) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [squid-users] Block MSN Aww c'mon, searching the archives isn't that hard! A search for block MSN 2004 using the search box on ttp://www.squid-cache.org/ provides http://www.squid-cache.org/mail-archive/squid-users/200407/0051.html as hit number 2 Regards, Rob Hadfield Quoting Gert Brits [EMAIL PROTECTED]: Hi all I know this has been asked not long ago, but I lost my mail, and have so much to do How can I block MSN messenger traffic in squid ? Regards Gert Brits -Original Message- From: Gert Brits [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 7:19 AM To: [EMAIL PROTECTED] Org Subject: [squid-users] Blocking MSN messenger Hi All I know, I know that this has been asked before, but I had to re-install my PC please give me the acl rules for blocking MSN messenger. Thanks Regards Gert Brits
RE: [squid-users] Sporadic high CPU usage, no traffic
On Mon, 1 Nov 2004, Chris Robertson wrote: 2004/11/01 11:32:55| cbdataUnlock: Freeing 0x83ef270 2004/11/01 11:33:08| eventRun: RUN ID 1342 This is really killing me. Is it the eventRun that is causing the stall, is it breaking the stall, or is it completely unrelated? Probably unrelated. Does strace reveal any activity during the strange hickups? You can also try running Squid under the control of a debugger (i.e. gdb) and break it while it is stuck (Control-C). This should show you where/what it is doing at the time. Regards Henrik
Re: [squid-users] store.log, store_log.c, storeLog() question
On Mon, 1 Nov 2004, OTR Comm wrote: I have store_dir.c in the pushcache patch, but not store_dir_ufs.c. Which version of Squid is this based on? Regards Henrik
Re: [squid-users] Not able to setup Squid with WCCP 2
On Tue, 2 Nov 2004, Milind Nanal wrote: Is there any patch I need to apply to enable WCCP 2 enable? Yes. See http://devel.squid-cache.org/ Also let me know what are the advantages on setting up WCCP2 over WCCP1. Mainly that Cisco maintains the WCCPv2 implementation in their routers somewhat better. Is there any major feature that WCCP2 give so that I can break my head in setting up WCCP2. Not for Squid. For Squid the use of WCCPv1 or WCCPv2 provides exactly the same functionality. It is possible that in future some kind soul provides a Squid WCCPv2 implementation which makes better use of new new features provided by WCCPv2, but the WCCPv2 support available for Squid today does not make use any of the new features available in WCCPv2 compared to WCCPv1. Regards Henrik
Re: [squid-users] squid + epoll polygraph test
On Tue, 2 Nov 2004, Muthukumar wrote: Is there anyone benchmarked squid+epoll() on polygraph? How may I expect requests satisfaction limit on Linux host 2.6.5-1.358 #1 i686 athlon i386 GNU/Linux platform? There has not been any benchmark on Squid-3 + epoll in a long time. The performance of this is not known. The Squid developers is currently focused on first getting Squid-3 reasonably stable and correct before looking at performance. During polygraph testing, I am getting errors as, 004.03| ./Xaction.cc:79: error: 1/1 (267) unsupported HTTP status code 004.03| ./Xaction.cc:79: error: 2/2 (267) unsupported HTTP status code Could be many things. I would recommend starting with a Squid-2.5 to verify that you have the Polygraph setup correct. This should run without any errors except the expected ones.. Then try out Squid-3. Regards Henrik
[squid-users] reverse proxy with caching and authentication
Hi, is it possible to use a reverse proxy server with authentication? I've read that you have to recompile this option into Squid. Why isn't it a default option in Squid? I do now want to recompile my squid version when there is a security exploit and rather use the up2date/yum functionallity from WhiteBox/RedHat. I use WhiteBox Enterprise Linux 3.0 , Squid version: squid-2.5.STABLE3-6.3E.1 Thanks in advance. Regards, Michiel
Re: [squid-users] advisory message before browsing
On Tue, 2 Nov 2004, Rolf wrote: I can get that a redirector would be handy - squid sends the requested url to the redirector (any url or only unapproved ones for eg) which is then rewritten to the advisory page. This would display the advice page in the same browser window. But then how does one construct the mechanism to continue to the requested url? This is possible by a) Have the redirector and your policy page share a common database on users who have accepted the policy. b) Have the redirector send the original URL as a query argument to your policy page, allowing the policy page to redirect back to the original URL when the policy is accepted and this user has been added to the policy accepted database. Seems that the url for the advice page could be comprised of javascript to cause a new window to appear - is it as simple as once such a window is dismissed the requested url would get loaded? Trivial JavaScript coding... opener.location = the_original_url; window.close(); assuming you have already figured out how to get the original URL. How you present this thing or get back to the original URL after the redirection is all about HTML/JavaScript, nothing really relevant to the proxy. Further how is this accomplished so that the warning advice only appears upon first using the browser (time limited or what)? If you do this in the proxy time is about the only variable you have. There is other approaches solving this outside of the proxy. It is also possible solving it at the client by using a clever proxy-pac script (assuming you have control over the clients). Regards Henrik
Re: [squid-users] redirector with Shutdown flag
Henrik thanks. According to the Squid FAQ the only way to shutdown the redirectors is to close their stdin (squid's stdout). My understanding is that the shutdown flag is only for squid and there is no way redirectors to know about it. So if for some reason redirector send something to stdout (squid's stdin) after squid set the Shutdown flag, squid will keep this redirector in service ... am I right? Thanks, Val On Mon, 1 Nov 2004, Henrik Nordstrom wrote: On Mon, 1 Nov 2004, Valentin Chopov wrote: Do you think it will be a good idea Squid continuously to remind these redirectors to shutdown (e.g. every 1h)? The shutdown indication to the helper is permanent, always there. As soon as the helper tries to read the next request it notices.. Regards Henrik
Re: [squid-users] Help squid_ldap_group W32
On Tue, 2 Nov 2004 [EMAIL PROTECTED] wrote: external_acl_type ldap_group %LOGIN /Squid/libexec/squid_ldap_group.exe -u CN -b OU=utenti,DC=bdcnet,DC=it -d -f ((CN=%u)(objectClass=person)((memberOf=cn=internetOKnavigare,OU=utenti,DC=bdcnet,DC=it))) -h 192.168.1.1:389 This looks a little odd.. normally one uses a search filter looking for the group object where the user is member, not the person object having the group as membership attribute. In addition you should be using a %g at a suitable position in the filter for the group name.. If continuing doing the lookup on the person object the filter should be something like the following: ((CN=%u)(objectClass=person)(memberOf=cn=%g,OU=utenti,DC=bdcnet,DC=it)) Or you could do it the LDAP way and look for a group object having the user as member. You then specify the exact same filter as used in squid_ldap_auth to the -F option of squid_ldap_group, and a suitable group filter to -f ((CN=%g)(objectClass=groupOfPeople)(member=%u)) (%u in the group search filter -f translates to the users DN, not the login name when using the -F option) Regards Henrik
Re: [squid-users] i want more memory for squid?
On Tue, 2 Nov 2004, Yemi Fowe wrote: I am expecting that squid would be using atleast 300Mb of the RAM, but suprisingly cache manager reports that its only 52Mb. Is there any way i can increase this value? A bigger cache is the best way (see cache_dir directive). If you do not have a cache directory then you can use a memory cache by using the cache_mem directive. Regards Henrik
Re: [squid-users] RE: i want more memory for squid?
On Tue, 2 Nov 2004, Elsen Marc wrote: 2) You could increase 'cache_mem' ; however read the comments in squid.conf.default about the meaning and implications of this parameter. It may also be noted that recent experience indicates Squids cache_mem performs some orders of magnitude worse than expected on large files.. Regards Henrik
RE: [squid-users] reverse proxy with caching and authentication
Hi, is it possible to use a reverse proxy server with authentication? I've read that you have to recompile this option into Squid. Why isn't it a default option in Squid? I do now want to recompile my squid version when there is a security exploit and rather use the up2date/yum functionallity from WhiteBox/RedHat. I use WhiteBox Enterprise Linux 3.0 , Squid version: squid-2.5.STABLE3-6.3E.1 http://www.squid-cache.org/mail-archive/squid-users/200212/0035.html and/or http://www.squid-cache.org/mail-archive/squid-users/200304/0003.html M.
Re: [squid-users] reverse proxy with caching and authentication
Elsen Marc wrote: Hi, is it possible to use a reverse proxy server with authentication? I've read that you have to recompile this option into Squid. Why isn't it a default option in Squid? I do now want to recompile my squid version when there is a security exploit and rather use the up2date/yum functionallity from WhiteBox/RedHat. I use WhiteBox Enterprise Linux 3.0 , Squid version: squid-2.5.STABLE3-6.3E.1 http://www.squid-cache.org/mail-archive/squid-users/200212/0035.html and/or http://www.squid-cache.org/mail-archive/squid-users/200304/0003.html M. Thanks.. too bad it isn't implemented in the stable rpm version. Now I have to recompile squid ( I do now want to this every time there is a security exploit) or use the 3.0 beta :( Michiel
[squid-users] Invalid URL while trying to retrieve /
Hi, I'm getting a strange error while trying to use squid as an httpd accelerator. The error from squid is that it can not retrieve the url /, but on the browser I'm using the url http://stage.example.com/. The address for this domain is in my hosts file. It's also in the hosts file of the server. Typical squid access log entry: 1099412745.010 9 192.168.2.75 TCP_DENIED/400 1419 GET / - NONE/- text/html Some relevant lines from squid.conf: http_port 80 redirect_rewrites_host_header off http_access allow all httpd_accel_port 81 httpd_accel_single_host on httpd_accel_uses_host_header off redirect_rewrites_host_header off The httpd is listening on port 81. There are no requests getting to the httpd at all. Nothing in the logs. Thanks for any help or suggestions. JIM
Re: [squid-users] store.log, store_log.c, storeLog() question
Which version of Squid is this based on? 2.5.STABLE5-CVS Thanks, Murrah Boswell
[squid-users] Body Filter
Is any program filter out there with body filter?, I mean regexp in the body of the page not in the URL? does squidguard have this facility? Thanks a lot -- Pablo A. C. Gietz
RE: [squid-users] Body Filter
Like DansGuardian? It the htlm code by looking for expressions and weights those expressions. Is this what you are looking for. SquidGuard just does a blacklist URL. DansGuardian looks at the page is self. -Original Message- From: Pablo Gietz [mailto:[EMAIL PROTECTED] Sent: November 2, 2004 10:45 AM To: [EMAIL PROTECTED] Subject: [squid-users] Body Filter Is any program filter out there with body filter?, I mean regexp in the body of the page not in the URL? does squidguard have this facility? Thanks a lot -- Pablo A. C. Gietz
[squid-users] Squid (gateway) + Transparent - Antivirus ??
Hello Experts, I have set up squid as transparent, and doing only web caching. The box acts as the gateway. No proxy all addresses behind the box are external IP. How can i add antivirus to the squid box so that atleast some protection is added. THanks all in advance.
[squid-users] Squid NTLM Auth -- Dansguardian -- Squid Cache
Since Dansguardian doesn't support NTLM authentication, could someone give me step-by-step directions or point me to a HOWTO for configuring two squid processes on the same box? The first squid would handle the authentication and then pass the request to Dansguardian which would then pass it to the second squid for caching. Thanks, ~M -- Get Firefox! http://www.mozilla.org/products/firefox/
[squid-users] Giving Trouble to Block MSN messenger
Hello All, I am not able to block MSN Messenger when I put this rule in rc.firewall script This rule is required for to connect VPN sever at client side. $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP Could any one tell me what needs to be change in Squid.conf for blocking MSN messenger or tell me the way to block it. Thanks and Regards Nilesh, __ Do you Yahoo!? Check out the new Yahoo! Front Page. www.yahoo.com
Re: [squid-users] webpage redirection
Udv! KZ Hi all ! KZI want to redirect a web page with squid to another web page (example : KZ www.yahoo.com to www.hotmail.com) KZWhen my clients write www.yahoo.com in internet explorer to open hotmail KZ page, possible ? Yes, use SquidGuard. -- Thomas Elias Title: System administrator, Programmer mailto: [EMAIL PROTECTED] Tel.: +3630/3299315 ICQ UIN: 206-714-459 Quote: A számban a nyál, az ütõeremben a vér! Végzem a dolgomat, Te meg majd eldöntöd, hogy mennyit ér! (TCS)
[squid-users] squid3 pre3-20041102: WARNING: transparent proxying not supported (visolve not help)
Hy all! Again the weird trnasparent proxying problem. I revised all docs found on the net, but no solution yet. Debian SARGE system, with kernel 2.6.9, no patches. routing, and iptables enabled. squid compiled from source, with options: $CONFIGURE --with-dl --enable-default-err-language=Hungarian --enable-poll --enable-select --disable-http-violations --enable-linux-nefilter \ --disable-ident-lookups --enable-delay-pools --enable-gnuregex --sysconfdir=/etc/squid --prefix=/usr/local/squid --enable-underscores \ --enable-time-hack --with-samba-sources=/root/install/unpacked/samba-3.0.7 --enable-cache-digests --sysconfdir=/etc/squid --enable-storeio=ufs,diskd \ --disable-icp --enable-dl-malloc If not used with transparent proxying it just work fine... But now I'd need to be transparent... In /etc/network/services: ip_forward=yes and already configured my squid and firewall: $IPTABLES -t nat -A PREROUTING -p tcp -i $LAN_KOLL_IFACE -s $LAN_KOLL_NET --dport 80 -j REDIRECT --to-ports 3113 (I have static IP, so no MASQUERADING, but SNAT used: $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP) Squid starts normally, says: 2004/11/03 03:03:59| Accepting transparently proxied HTTP connections at 10.2.254.1, port 3113, FD 11. 2004/11/03 03:03:59| WCCP Disabled. 2004/11/03 03:03:59| Ready to serve requests. Just after I do the first hit, the WARNING: transparent proxying not supported message appears at the end of the cache.log, and the client has the message, that says, the / is an invalid url. in the access log I see: 1099446498.298 1 10.2.0.1 NONE/400 1514 GET / - NONE/- text/html 1099447470.783 1 10.2.0.1 NONE/400 1514 GET / - NONE/- text/html 1099447497.574 0 10.2.0.1 NONE/400 1514 GET / - NONE/- text/html What's this, and where to from here? -- Thomas Elias Title: System administrator, Programmer mailto: [EMAIL PROTECTED] Tel.: +3630/3299315 ICQ UIN: 206-714-459 Quote: Too many people making too many problems (InFlames)
RE: [squid-users] WCCP 1 squid box found but not able to browse
Thanks buddy my problem is resolved by adding ip_wccp support in the kernel REgards Milind -Original Message- From: Awie [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 9:55 AM To: Milind Nanal; [EMAIL PROTECTED] Subject: Re: [squid-users] WCCP 1 squid box found but not able to browse iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 echo 1 /proc/sys/net/ipv4/ip_forward My problem is that I am not able to browse any site one the router starts diverting all HTTP request to squid box. If I set squid proxy in the client's browser then it works that means my squid is able to serve the request. But setting proxy on client's browser is not I want. I want it to run in transparent mode. I have used http://www.swelltech.com/support/usersguide/ch10.html to setup this . Did you load ip_wccp.o already? Thx Rgds, Awie
Re: [squid-users] advisory message before browsing
Hello Thanks very much. To follow up... I can get that a redirector would be handy - squid sends the requested url to the redirector (any url or only unapproved ones for eg) which is then rewritten to the advisory page. This would display the advice page in the same browser window. But then how does one construct the mechanism to continue to the requested url? b) Have the redirector send the original URL as a query argument to your policy page, allowing the policy page to redirect back to the original URL when the policy is accepted and this user has been added to the policy accepted database. Have done this and it works beautifully. Used a short javascript that accepted ?url=www.orig.url as an argument to the policy page url. Was quite simple. Further how is this accomplished so that the warning advice only appears upon first using the browser (time limited or what)? If you do this in the proxy time is about the only variable you have. I am quite happy to have time as the measure to determine when the policy page re-appears. Though I am a bit stuck here. Is it possible to adapt the proxy auth mechanism I am wondering. All users will be subject to basic auth upon first trying a url. Having been authenticated they get to the policy page, but upon return from the policy page, I can't see how to know they've been there and not to redirect them again. This is indeed your excellent policy accepted database idea, but how can I implement it? Can I do so with ACLs and redirector_access? It sounds like it needs some database arrangement that is populated by the script that runs the policy page. And de-populated by some other scheduled task that removes old entries. BUt, how does squid see these entries? thanks again rolf.
[squid-users] Multiple cache_dir
Hello, I have squid configured with multiple cache_dir, in squid.conf : cache_dir ufs /cache1 62000 32 256 cache_dir ufs /cache2 66000 32 256 But, when I check the usage of the disk partion, the cache2 partition get rapidly filled with squid cache. Is this normal? If not, how do I solve the problem? /dev/ad3s4d67G 184M62G 0%/cache1 /dev/ad2s1d72G 1.8G65G 3%/cache2 Thank you, Rgds, Asfihani
Re: [squid-users] squid + epoll polygraph test
Hai Gonzalo, I've been using squid3 with epoll support for a couple of months. In my case, squid with poll/select did consume up to 100% CPU. With epoll, CPU usage dropped to less than 10%. It seems to be great. How many requests are being generated per second? Are you using squid-3.0-pre3+latest patch for epoll(). I am on analysis of squid-3.0pre3 + epoll() requests satisfaction / second there. Compilation: ./configure --prefix=/home/muthu/squidepoll --enable-epoll --with-aufs-threads=32 --with-descriptors=32768 --with-pthreads --enable-storeio=null,ufs,aufs --disable-poll --disable-select --disable-kqueue Configuration: cache_mem 90 MB( 200 MB RAM ) cache_dir null /dev/null cache_access_log none cache_store_log none Long term average max CPU usage: http://webs.uolsinectis.com.ar/garana/x/cpu.4.png With epoll, CPU usage over the last 24 hours: http://webs.uolsinectis.com.ar/garana/x/cpu.png Thanks for informations. Regards --Muthu --- === It is a Virus Free Mail === Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.786 / Virus Database: 532 - Release Date: 10/29/2004
Re: [squid-users] Multiple cache_dir
On Wed, 3 Nov 2004 10:09:59 +0700, Asfihani [EMAIL PROTECTED] wrote: Hello, I have squid configured with multiple cache_dir, in squid.conf : cache_dir ufs /cache1 62000 32 256 cache_dir ufs /cache2 66000 32 256 But, when I check the usage of the disk partion, the cache2 partition get rapidly filled with squid cache. Is this normal? If not, how do I solve the problem? /dev/ad3s4d67G 184M62G 0%/cache1 /dev/ad2s1d72G 1.8G65G 3%/cache2 Thank you, Rgds, Asfihani I have same configuration with lesser cache_dir sizes and they are working nicely,,, What policy you are using BTW? -- Nasir Mahmood Systems + Network Admin. Asia Net.
RE: [squid-users] reverse proxy with caching and authentication
There is a manual hack that I have used successfully to get proxy auth working in accelerator mode. (BTW I found this fix posted somewhere in this newsgroup long ago so all credits go to Henrik Nordstrom) You need to edit the source before compiling as follows: Edit the src/Makefile file by adding the following at the DEFS line -DAUTH_ON_ACCELERATION Then compile in the usual manner. Works fine for me using 2.5 stable3 on RH7.3 with winbind auth helper but should work for any others I imagine. Don't know exactly why auth on acceleration is not enabled by default. I'm guessing it has something to do with possible authentication conflicts on the http server as you can only have one layer of http auth. Hope this helps, Dave H -Original Message- From: Michiel van Es [mailto:[EMAIL PROTECTED] Sent: Wednesday, 3 November 2004 2:31 AM To: Elsen Marc Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] reverse proxy with caching and authentication Elsen Marc wrote: Hi, is it possible to use a reverse proxy server with authentication? I've read that you have to recompile this option into Squid. Why isn't it a default option in Squid? I do now want to recompile my squid version when there is a security exploit and rather use the up2date/yum functionallity from WhiteBox/RedHat. I use WhiteBox Enterprise Linux 3.0 , Squid version: squid-2.5.STABLE3-6.3E.1 http://www.squid-cache.org/mail-archive/squid-users/200212/0035.html and/or http://www.squid-cache.org/mail-archive/squid-users/200304/0003.html M. Thanks.. too bad it isn't implemented in the stable rpm version. Now I have to recompile squid ( I do now want to this every time there is a security exploit) or use the 3.0 beta :( Michiel
RE: [squid-users] Sporadic high CPU usage, no traffic
On Mon, 1 Nov 2004, Chris Robertson wrote: 2004/11/01 11:32:55| cbdataUnlock: Freeing 0x83ef270 2004/11/01 11:33:08| eventRun: RUN ID 1342 This is really killing me. Is it the eventRun that is causing the stall, is it breaking the stall, or is it completely unrelated? Probably unrelated. Does strace reveal any activity during the strange hickups? You can also try running Squid under the control of a debugger (i.e. gdb) and break it while it is stuck (Control-C). This should show you where/what it is doing at the time. Regards Henrik Thanks for the tip. Using gdb was exactly what I needed (I've never used it before, neat). I was using two url_regex acls, and the regular expressions I was using seem to be the problem. Removing those two lines dropped CPU usage from a low of %50 to a HIGH of 10%. Yikes. Off to optimize them. Once again Henrik, you are a savior. Chris
Re[2]: [squid-users] squid3 pre3-20041102: WARNING: transparent proxying not supported (visolve not help)
Hi! B Same was the problem when I first time created my squid box from B scratch. I had actualy been missing.. B httpd_accel_host virtual B httpd_accel_port 80 B httpd_accel_with_proxy on B httpd_accel_uses_host_header on B enabled in my squid.conf B or may some other problem with your paricular config file. I'm using squid3. These commands have no sense there: /var/log/squid# /etc/init.d/squid start Starting proxy server: 2004/11/03 09:42:15| parseConfigFile: 'squid.conf' line 1 unrecognized: 'httpd_accel_host virtual' 2004/11/03 09:42:15| parseConfigFile: 'squid.conf' line 2 unrecognized: 'httpd_accel_port 80' 2004/11/03 09:42:15| parseConfigFile: 'squid.conf' line 3 unrecognized: 'httpd_accel_with_proxy on' 2004/11/03 09:42:15| parseConfigFile: 'squid.conf' line 4 unrecognized: 'httpd_accel_uses_host_header on' I need to specify: http_port 10.2.254.1:3113 transparent networks acls are also good... that's why I don't understand the problem. -- Thomas Elias Title: System administrator, Programmer mailto: [EMAIL PROTECTED] Tel.: +3630/3299315 ICQ UIN: 206-714-459 Quote: A számban a nyál, az ütõeremben a vér! Végzem a dolgomat, Te meg majd eldöntöd, hogy mennyit ér! (TCS)