RE: [squid-users] Best Caching Engine
Thanks Aaron

This is really useful info. Any idea how much traffic these boxes can handle ? For example one Netcache C 2300 box, what kind of load it can handle.

Thanks - Lokesh

-----Original Message-----
From: Aaron Chu [mailto:[EMAIL PROTECTED]
Sent: Friday, May 26, 2006 11:41 PM
To: Lokesh Khanna
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Best Caching Engine

I've also been looking at commercial caching products. What I've found are:

squid - of course
netcache - appliances - they have a lot of large customers (yahoo, myspace, etc) and their c2300 unit is priced at $20k
bluecoat - appliances - not too clear on their product line, but I spoke with them and it seems their product is a player in the market
stratacache - servers with their own tuned OS and caching engine - they have very large systems, but they seem like a very brute-force approach (something like 48 disks in one chassis)
jaguar3000 - software - an off-shore company, with limited info online.

There are also a number of companies offering memory-based caching products, which are limited to a few gigs of cache size.

Caching is also bundled into a lot of load balancers/traffic managers, application servers, etc.

Aaron Chu

On May 26, 2006, at 3:07 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:

> Hi
>
> Does anyone know which is the best (commercial or freeware) caching
> engine for Large ISP? Is there any comparison sheet between different
> cache engine?
>
> Thanks - LK

Disclaimer

The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately.

Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful.

Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author.

Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from.

For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com
Re: [squid-users] Forbiden
Thank you for your patience,

Yes is the Internet. I want when somebody on the Internet try to use our proxy he sees a customize message saying that is doing something wrong instead of having a "cannot display page" message.

Merci.

Bill Jacqmein wrote:

> Dominique,
>
> The outside is the Internet?
>
> Bill

--
Dominique Bagnato - Head of the Technology Department.
French International School - Bethesda, MD. USA
Tel:301 530 8260 Ext:279 - http://www.rochambeau.org
Re: [squid-users] Best Caching Engine
I've also been looking at commercial caching products. What I've found are:

squid - of course
netcache - appliances - they have a lot of large customers (yahoo, myspace, etc) and their c2300 unit is priced at $20k
bluecoat - appliances - not too clear on their product line, but I spoke with them and it seems their product is a player in the market
stratacache - servers with their own tuned OS and caching engine - they have very large systems, but they seem like a very brute-force approach (something like 48 disks in one chassis)
jaguar3000 - software - an off-shore company, with limited info online.

There are also a number of companies offering memory-based caching products, which are limited to a few gigs of cache size.

Caching is also bundled into a lot of load balancers/traffic managers, application servers, etc.

Aaron Chu

On May 26, 2006, at 3:07 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:

> Hi
>
> Does anyone know which is the best (commercial or freeware) caching
> engine for Large ISP? Is there any comparison sheet between different
> cache engine?
>
> Thanks - LK
[squid-users] 28 cache_dirs - how many async io threads?
Hi,

I'm tuning a large squid cluster reverse-proxy implementation, and I'm wondering what the experienced opinions are about the number of async io threads for 28 cache_dirs?

Some background on the testing cluster so far (spare hardware similar from my other production systems):

host machines:
    3x dual xeon 3.0GHz E em64t 12GB RAM
    2x quad opteron 248 32GB RAM
    all broadcom bcm5704 dual Gbit NICs

storage:
    each system = lsi megaraid320-2 (2ch ultra320), 2x dell powervault 220s, 14x 36gb 15k SCSI per powervault

5 systems in total.

I've been trying different replacement policies, refresh_patterns, tuned the kernel's network params, memory sizes, etc. They're all running with async writes turned on.

It seems like I'm getting throughput of 500req/s at 100% IO load on the RAIDed systems. This is with a ~55% hit rate (very large library size). Each request is on avg 8kB with deviations of about 4kB +/-. I'd like to see how much I can get out of squid... I'm getting a NetCache unit in for an eval, so I can do some comparison.

SO - the Question -

For storage, I've been doing dual 2 RAID10 (7x2) logical drives, limiting the used space to 20GB each, but for this experiment I'm trying out configuring it with 28 individual drives at 2GB cache_dirs each. For the RAID setup, 32 threads seemed to work the smoothest (compared to 26 and 40). Currently, the 28 drive system is running with 512 threads :o -- is this too much? I tried 64 previously and squid kept reporting IO overloading, pausing way too often to sync.

I could just try everything, but it takes a while to get some comprehensive data (memory cache needs to fill up, etc).

Thanks in advance,
Aaron Chu
[squid-users] Best Caching Engine
Hi

Does anyone know which is the best (commercial or freeware) caching engine for Large ISP? Is there any comparison sheet between different cache engine?

Thanks - LK
Re: [squid-users] Forbiden
Dominique,

The outside is the Internet?

Bill

On 5/26/06, Dominique Bagnato <[EMAIL PROTECTED]> wrote:

> Thank you,
> But the forbidden users are from outside my network.
> They could come from whatever domain and try to use the proxy from outside.
Re: [squid-users] HTTP compression with Squid
[EMAIL PROTECTED] wrote:

> Hi
>
> I am using Squid 2-5-10 stable on Red Hat linux and passing nearly 15 mbps
> traffic. I want to use some device ( or on squid) which can help me in
> saving bandwidth by enabling compression. We Provide internet service over
> Satellite. I want to compress data between Client and Squid server placed
> in Data Center.
>
> I heard Hyperweb is a good tool to do that. This daemon sit in between
> Client and Squid and compress data between client and Hyperweb daemon. But
> unfortunately this product is good for only Enterprise customers not for ISP.
>
> Does anyone using any other tool like this. Any hardware based solution or
> software based solution which can be used for HTTP compression.
>
> Thanks - Lokesh

Since you mentioned hardware solutions, you might look into Peribit (acquired by Juniper) or its competitors. It's a TCP stream compressor/optimizer, so it accelerates Email, and FTP as well as HTTP.

Chris
Re: [squid-users] request header/body ACL based?
Wojciech Puchar wrote:

> is it possible to place a limit on http POST body, but not globally but
> for a given URL? it's very important for me.

Something like the following should get most of them...

    acl large_upload req_header Content-Length [1-9][0-9]{6}
    acl POST method POST
    acl limited_site dstdomain .forms.are.us
    # Prevent anyone from POSTing more than 999,999 bytes to *.forms.are.us
    http_access deny large_upload POST limited_site

See http://www.squid-cache.org/mail-archive/squid-users/200604/0422.html for more details on building a regular expression to match other sizes of uploads.

Chris
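An added example, not part of the original reply: the pattern above is unanchored, so it matches any Content-Length containing seven or more significant digits (1,000,000 bytes and up). The Python sketch below generalizes it to an arbitrary byte threshold; the names `min_length_regex` and `squid_acl` are hypothetical, and it assumes Squid compiles ACL patterns as POSIX extended regular expressions. An ACL on this header only ever sees requests that carry a Content-Length header.

```python
import re


def min_length_regex(threshold: int) -> str:
    """Return an anchored extended regex matching any decimal integer
    that is greater than or equal to `threshold`.

    Leading zeros are accepted so "0001000000" is treated like "1000000".
    """
    if threshold <= 0:
        return "^[0-9]+$"

    digits = str(threshold)
    k = len(digits)

    # 1) Anything with more significant digits than the threshold is larger.
    alternatives = ["[1-9][0-9]{%d,}" % k]

    # 2) Same number of digits: keep a common prefix, put a strictly larger
    #    digit at position i, then allow any digits in the remaining places.
    for i, ch in enumerate(digits):
        d = int(ch)
        if d == 9:
            continue  # no larger digit exists at this position
        bigger = "9" if d == 8 else "[%d-9]" % (d + 1)
        rest = k - i - 1
        tail = "[0-9]{%d}" % rest if rest else ""
        alternatives.append(digits[:i] + bigger + tail)

    # 3) The threshold itself.
    alternatives.append(digits)

    return "^0*(" + "|".join(alternatives) + ")$"


def squid_acl(name: str, threshold: int) -> str:
    """Format a squid.conf req_header ACL line for the given byte threshold."""
    return "acl %s req_header Content-Length %s" % (name, min_length_regex(threshold))


if __name__ == "__main__":
    # Constructed sample values: check a 1,000,000-byte limit.
    pattern = re.compile(min_length_regex(1000000))
    for value in ("999999", "1000000", "0001000000", "25000000"):
        print(value, bool(pattern.match(value)))
    print(squid_acl("large_upload", 1000000))
```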
Re: [squid-users] Forbiden
Dominique Bagnato wrote:

> Hi squid users,
> I have squid running on Solaris 10 with apache2.
> It's working perfectly but Is it possible for the Not Allowed Proxy User
> to have a message saying :Forbiden to use this proxy.
> Right now they don't have access at all but they don't have any
> messages. They just see "This page cannot be display.
>
> I guess is just cosmetic but If it's easy to do thank you.

"This page cannot be display..."? That sounds suspiciously like an Internet Explorer message, not a Squid message. How are you preventing these Not Allowed Proxy Users from accessing your proxy?

Chris
Re: [squid-users] Alternative to standard Squid authentication schemas
[EMAIL PROTECTED] wrote:

> Hello,
> there is a way to authenticate Squid users through an SSL form ?
> I can't use basic authentication schema for security reasons.
> I can't use NTLM authentication schema because my Windows Domains aren't
> trusted together.
> I'd like to use digest authentication schema but the users's password on
> my LDAP are encrypted so isn't easy to implement it.
>
> Thank you very much for your attention and for your time,
> Alberto.

The short answer is that Squid, by itself, can not perform this task. However, the external_acl_type and deny_info directives along with a webserver, and back end LDAP query should allow you to perform this task. You will have to store (and lookup) session information outside squid, and this will preclude seeing user names in the access.log.

Here's the basic idea: You have an external ACL helper that takes the client IP and performs a lookup. If a valid session is found, access is allowed. If not, access is denied and the deny_info directive refers the browser to a login page (hosted on a webserver) that creates the session data (which can be routinely cleared text files, or a database).

Here's a guideline of the squid.conf portion...

    external_acl_type user-check ttl=5 %SRC /path/to/helper
    acl loggedIn external user-check
    http_access deny !loggedIn
    http_access allow siteIPs
    http_access deny all
    deny_info http://authentication.my.domain/authenticate.php loggedIn

Creating the helper, authentication page and back end are left as exercises for the reader.

Chris
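An added example, not code from the original reply: one way the external ACL helper described above could look, reading one %SRC value per line and answering OK or ERR. The session directory, the one-file-per-client-IP layout and the eight-hour lifetime are assumptions; because the session is keyed on source address, every client behind the same NAT address shares it.

```python
import ipaddress
import os
import stat
import sys
import time

# Assumptions for this sketch: the login page creates an empty file named
# after the client IP in SESSION_DIR, and a session lasts eight hours.
SESSION_DIR = "/var/lib/squid-sessions"
SESSION_MAX_AGE = 8 * 3600


def session_is_valid(src, session_dir=SESSION_DIR, max_age=SESSION_MAX_AGE, now=None):
    """Return True when `src` is an IP address with a fresh session file."""
    try:
        # Parsing first rejects anything that is not an address, so input
        # such as "../etc/passwd" never reaches the filesystem lookup.
        ip = ipaddress.ip_address(src.strip())
    except ValueError:
        return False

    path = os.path.join(session_dir, str(ip))
    try:
        info = os.lstat(path)  # lstat: do not follow symlinks
    except OSError:
        return False
    if not stat.S_ISREG(info.st_mode):
        return False

    now = time.time() if now is None else now
    age = now - info.st_mtime
    # A timestamp in the future is treated as invalid rather than as fresh.
    return 0 <= age <= max_age


def answer(line, **kwargs):
    """Map one request line from Squid to the helper reply."""
    return "OK" if session_is_valid(line, **kwargs) else "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout, **kwargs):
    """Helper loop: one lookup per input line, one reply line per lookup."""
    for line in stdin:
        stdout.write(answer(line, **kwargs) + "\n")
        stdout.flush()  # Squid waits for each reply, so never buffer it


if __name__ == "__main__":
    serve()
```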
RE: [squid-users] squid performance epoll. 350req/sec 100% cpu
You need to put the epoll patch and bootstrap.sh before the other patches. Bootstrap.sh will rebuild the configure script so any patches done before bootstrap.sh is run will be lost.

Here's what my %prep section looks like:

    %prep
    %setup -q
    %if %{with_epoll}
    %patch9 -p1 -b .epoll
    ./bootstrap.sh
    %endif
    %patch1 -p1 -b .config
    %patch3 -p1 -b .location
    %patch4 -p1 -b .build
    %patch5 -p1 -b .perlpath
    %patch6 -p1 -b .pipe
    %patch7 -p1 -b .config

P.S. I've configured my spec file to allow me to build with or without epoll using rpmbuild -ba --with epoll squid.spec or rpmbuild -ba --with epoll squid.spec.

-=Kevin=-

-----Original Message-----
From: John Horne [mailto:[EMAIL PROTECTED]
Sent: Friday, May 26, 2006 4:11 AM
To: Squid Users
Subject: Re: [squid-users] squid performance epoll. 350req/sec 100% cpu

On Thu, 2006-05-25 at 08:06 +0800, Steven Wilton wrote:

> The epoll patch does add the ENTRY_DEFER_READ flag to connections regardless
> of whether epoll is actually being used or not. This flag allows squid to
> skip a few tests in the deferred handler. The presence of these messages in
> your cache log shows that you've applied the epoll patch successfully.

Yes the patch itself has been applied with no errors, but it (epoll) is not necessarily being used. The file /usr/src/redhat/BUILD/squid-2.5.STABLE13/include/autoconf.h after installing the patch and running configure, but not running bootstrap.sh, doesn't contain the lines:

    /*
     * Supports epoll
     */
    #define HAVE_EPOLL 1

So the patch is applied but epoll is not being used.

> Check that your system supports epoll (linux 2.6 kernel)

It's a 2.6.16 kernel - Fedora Core 4 linux.

> and make sure you have --enable-epoll as an option to configure.

Yup, that's enabled as well as --disable-poll.

I have modified the squid.spec file to run bootstrap.sh just before configure. Whilst this seems to be okay (bootstrap.sh runs okay; configure runs okay), I now get errors from the rpmbuild near the end:

    RPM build errors:
        File not found: /var/tmp/squid-2.5.STABLE13-root/etc/squid/mib.txt
        File not found: /var/tmp/squid-2.5.STABLE13-root/usr/share/squid

It seems that the bootstrap.sh script has changed something such that the file /usr/src/redhat/BUILD/squid-2.5.STABLE13/src/Makefile changes from containing

    DEFAULT_MIB_PATH = $(sysconfdir)/mib.txt

to

    DEFAULT_MIB_PATH = $(datadir)/mib.txt

I'm not really familiar with the aclocal/autoconf/automake commands so this will need a bit of investigating to see why the file location has changed.

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]
Fax: +44 (0)1752 233839
Re: [squid-users] Squid acl containing hostnames issue
Jason Bassett wrote:

> Hello
>
> I work in a secondary school with 5 IT suites each with 20-30 computers.
> I have created an acl for each room containing the hostnames of the
> machines, for example, an acl called R32 for room 32 contains:
>
> R32001
> R32002
> ...
> R32030
>
> If I set this acl to deny, not all machines are denied access only a
> random group within the room.
>
> I originally run a GNU/Linux dhcp server to allocate static IPs to all
> network machines and then created acl's based on the IP ranges of machines
> in each room. This worked perfectly but now Research Machines who "support"
> us have demanded I remove the GNU/Linux dhcp server otherwise they will not
> "support" our installation.
>
> I am therefore looking for the easiest and most time effective method of
> blocking rooms when required. Hostnames seemed to be the best way.
>
> Any ideas on this issue?
>
> Thanks
> Jason

How are IP addresses going to be supplied? Static assignment? Or is a Windows server going to be providing DHCP (Can you just have the Windows server supply the DHCP reservations)? How is the network set up? Could each room be set up on its own subnet (most gateways support DHCP pass through)?

Another alternative:

1. Assign your Squid server an IP address for each room (e.g. 192.168.0.32, 192.168.0.33, etc).
2. Have each room use its "assigned" IP for proxy (Room 32 uses 192.168.0.32:3128 for proxy).
3. Use "acl myip 192.168.0.32/32" to prevent access.

Chris
Re: [squid-users] Help, need to block nearly everything.
Karl Sumpter wrote:

> Hi guys
>
> Been off list for a while, but am now in a bit of a situation. A few days
> ago we lost our main internet link due to a fiber fault underwater
> somewhere near Singapore. Going from 80/80mbits to 2/4mbits has forced me
> to suspend web browsing and concentrate more on email services working.
> Problem is, we were told the repairs would take 3 days (today being the
> last day) but now told to wait a further 10...i think you can guess where
> i am right now with no paddle ;)
>
> So this morning i had a thought, and decided to look at offering the most
> basic web browsing possible, ideally mime type text/html and whatever
> other mime type depends on it to offer text only browsing, with no
> downloading of other media like pictures/flash etc. Now i've seen posts
> that offer an exclusion list using req_mime_type, but i want to go the
> other way around, allowing only a few mime types...is this possible ?
>
> I've configured something like the following:
>
> acl MINIMAL req_mime_type ^text/html$

I think you might want to use rep_mime_type to limit the responses from the servers.

> http_access allow MINIMAL
> http_access deny all

These two will then have to be http_reply_access rules.

> but as you can guess, no joy.
>
> Anyways, i'm scrabbling for ideas, and as you can understand it's pretty
> critical right now. Thanks for any constructive input in advance.
>
> Cheers,
> Karl

Chris
Re: [squid-users] cache storage problem? (squid 3)
On 5/26/06, Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote:

> is that on linux? try checking /proc/interrupts. Maybe reordering PCI cards
> would help a bit. Do you use 32 or 64bit architecture? with 32bit, you
> probably can't use more than one (or two?) GB of data segment per process,
> which may also cause some more load...

This is on a stable debian system. 32 bit architecture... but data segments _should_ be well within limits.

> > >May be caused by the fact squid searches for valid cache_dir
> >
> > I'm starting to believe the same thing.
>
> Squid probably tries to find out which objects to purge from memory cache,
> and then it decides where to save them. Also, it has to purge some objects
> off the disk, which results which in case of big memory and relatively
> small disk cache results into much CPU processing.

I've come to learn that this is a result of squid blocking for diskd. The queue for reading/writing is getting too large and squid slows down (by a _lot_) for diskd to keep up. All of those "no valid swapdirs for this object" messages are the result of the queue exceeding Q1 and squid blocking. I'm playing with the Q1 and Q2 values to see if I can fix this. So far I've had no luck though.

> now, first I would try to decrease cache_mem to one half (51MB is still
> MUCH) and increase cache_dirs' sizes.

-- I'll give this a try. The thing that bothers me about this is that I have other cache servers running squid 2 and they're able to make use of much more cache mem than this.

--
Dan Thomson
Systems Engineer
Peer1 Network
1600 555 West Hastings
Vancouver, BC V6B 4N5
866-683-7747
http://www.peer1.com
[squid-users] HTTP compression with Squid
Hi

I am using Squid 2-5-10 stable on Red Hat linux and passing nearly 15 mbps traffic. I want to use some device ( or on squid) which can help me in saving bandwidth by enabling compression. We Provide internet service over Satellite. I want to compress data between Client and Squid server placed in Data Center.

I heard Hyperweb is a good tool to do that. This daemon sit in between Client and Squid and compress data between client and Hyperweb daemon. But unfortunately this product is good for only Enterprise customers not for ISP.

Does anyone using any other tool like this. Any hardware based solution or software based solution which can be used for HTTP compression.

Thanks - Lokesh
Re: [squid-users] memory leaks
> Edvard Chitro wrote:
>
>>Hello All,
>>
>>News from my squid box.
>>
>>I have changed fs from reiserfs to ext2 if you remember (due to the
>>suspect that it eats RAM).
>>And after cache dir is filled up ~95% I still get 300 MB of RAM gone
>>again
>>
>>It is a real mystery for me where the hell all RAM has gone, but I
>>suspect squid. Because when squid was turned off I had ~ 350 RAM in the
>>buffers and cache ... and now I have only:
>>
>>             total       used       free     shared    buffers     cached
>>Mem:        516312     510936       5376          0      17984      95408
>>-/+ buffers/cache:     397544     118768
>>Swap:       248968          0     248968
>>
>>Any ideas ?
>>
>>Regards,
>>Edvard Chitro
>
> Are you running any kind of software RAID? The Linux kernel has had a
> few problems with memory leaks and RAID
> (http://lkml.org/lkml/2005/6/28/4 for one such example). The symptoms
> sound eerily familiar.

No I have two SCSI hard drives. no RAID. One for the system, another for squid cache.

Now free says:

             total       used       free     shared    buffers     cached
Mem:        516312     511796       4516          0      20944      84856
-/+ buffers/cache:     405996     110316
Swap:       248968          0     248968

> Chris
Re: [squid-users] Forbiden
Thank you,
But the forbidden users are from outside my network.
They could come from whatever domain and try to use the proxy from outside.

Bill Jacqmein wrote:

> Salute Dominique,
>
> abcd.txt will be driven by url_regex given the definition provided
> lines like .gator.com should work
> http://www.squid-cache.org/Doc/FAQ/FAQ.html#toc10.4 give the basic overview
>
> /usr/local/squid/etc/errors (or where the errors directory under squid/etc)
> ERR_NO_abcd <- File name should contain html. As simple as the example in
> the faq has.
>
> squid.conf additions
>
>     acl porn url_regex "/usr/local/squid/etc/abcd.txt"
>     # deny_info takes the error page name followed by the ACL that triggers it
>     deny_info ERR_NO_abcd porn
>
> Bill

--
Dominique Bagnato - Head of the Technology Department.
French International School - Bethesda, MD. USA
Tel:301 530 8260 Ext:279 - http://www.rochambeau.org
Re: [squid-users] Forbiden
Salute Dominique,

abcd.txt will be driven by url_regex given the definition provided
lines like .gator.com should work
http://www.squid-cache.org/Doc/FAQ/FAQ.html#toc10.4 give the basic overview

/usr/local/squid/etc/errors (or where the errors directory under squid/etc)
ERR_NO_abcd <- File name should contain html. As simple as the example in the faq has.

squid.conf additions

    acl porn url_regex "/usr/local/squid/etc/abcd.txt"
    # deny_info takes the error page name followed by the ACL that triggers it
    deny_info ERR_NO_abcd porn

Bill

On 5/26/06, Dominique Bagnato <[EMAIL PROTECTED]> wrote:

> Merci Bill,
> But How to trigger Squid to answers to those forbidden requests ?
> How Squid will make the difference between a legal request or a forbidden ?
>
> In the example:
>
> acl porn url_regex "/usr/local/squid/etc/porno.txt"
>
> What should I put in the file abcd in /usr/local/squid/etc/abcd.txt ?
>
> Thank you.
[squid-users] request header/body ACL based?
Is it possible to place a limit on the HTTP POST body, not globally but for a given URL? It's very important for me.
Re: [squid-users] Forbiden
Merci Bill,
But how to trigger Squid to answer those forbidden requests?
How will Squid make the difference between a legal request and a forbidden one?
In the example:

    acl porn url_regex "/usr/local/squid/etc/porno.txt"

What should I put in the file abcd in /usr/local/squid/etc/abcd.txt ?
Thank you.

Bill Jacqmein wrote:
> Dominique,
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.24, is a
> FAQ section for customizing squid error messages.
>
> Good Luck,
>
> Bill
>
> On 5/26/06, Dominique Bagnato <[EMAIL PROTECTED]> wrote:
>
>> Hi squid users,
>> I have squid running on Solaris 10 with apache2.
>> It's working perfectly, but is it possible for the Not Allowed Proxy User
>> to have a message saying: Forbidden to use this proxy.
>> Right now they don't have access at all but they don't have any
>> messages. They just see "This page cannot be displayed".
>>
>> I guess it is just cosmetic, but if it's easy to do, thank you.
>>
>> --
>> Dominique Bagnato - Head of the Technology Department.
>> French International School - Bethesda, MD. USA
>> Tel:301 530 8260 Ext:279 - http://www.rochambeau.org

--
Dominique Bagnato - Head of the Technology Department.
French International School - Bethesda, MD. USA
Tel:301 530 8260 Ext:279 - http://www.rochambeau.org
[squid-users] Query on PURGE behaviour...
I've got an inverse proxy setup running with Squid, and I was wondering what the specific behaviour of PURGE is.

In this case we've got a Varying header based on the browser and accept-encoding due to gzip-ed content, so my question is: does a PURGE for a single URL purge *all* of the variously cached copies for the various browser+encoding strings? I know it keeps separate cache entries for each.

I ask because someone might have an answer that'll save me some time experimenting or digging in code!

TIA!

--
"Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler
[squid-users] Forbiden
Hi squid users,
I have squid running on Solaris 10 with apache2.
It's working perfectly, but is it possible for the Not Allowed Proxy User to have a message saying: Forbidden to use this proxy.
Right now they don't have access at all but they don't have any messages. They just see "This page cannot be displayed".

I guess it is just cosmetic, but if it's easy to do, thank you.

--
Dominique Bagnato - Head of the Technology Department.
French International School - Bethesda, MD. USA
Tel:301 530 8260 Ext:279 - http://www.rochambeau.org
[squid-users] Alternative to standard Squid authentication schemas
Hello,

Is there a way to authenticate Squid users through an SSL form?

I can't use the basic authentication scheme for security reasons.
I can't use the NTLM authentication scheme because my Windows domains don't trust each other.
I'd like to use the digest authentication scheme, but the users' passwords on my LDAP are encrypted, so it isn't easy to implement.

Thank you very much for your attention and for your time,
Alberto.
Re: [squid-users] Restart Squid
Thanks.

> Hello,
>
> No need to restart squid to make the squid configuration
> changes take effect, just run "squid -k reconfigure"
>
> Thanks,
> Visolve Squid Team,
> http://squid.visolve.com
>
> On Fri, 2006-05-26 at 16:11 +0545, Harish Pokharel wrote:
>> Should I restart Squid after I make some acl entries in squid.conf

--
Harish Pokharel
Re: [squid-users] Restart Squid
Hello,

No need to restart squid to make the squid configuration changes take effect, just run "squid -k reconfigure"

Thanks,
Visolve Squid Team,
http://squid.visolve.com

On Fri, 2006-05-26 at 16:11 +0545, Harish Pokharel wrote:
> Should I restart Squid after I make some acl entries in squid.conf
Re: [squid-users] squid performance epoll. 350req/sec 100% cpu
On Thu, 2006-05-25 at 08:06 +0800, Steven Wilton wrote:
>
> The epoll patch does add the ENTRY_DEFER_READ flag to connections regardless
> of whether epoll is actually being used or not. This flag allows squid to
> skip a few tests in the deferred handler. The presence of these messages in
> your cache log shows that you've applied the epoll patch successfully.
>
Yes, the patch itself has been applied with no errors, but it (epoll) is not necessarily being used. The file /usr/src/redhat/BUILD/squid-2.5.STABLE13/include/autoconf.h after installing the patch and running configure, but not running bootstrap.sh, doesn't contain the lines:

    /*
     * Supports epoll
     */
    #define HAVE_EPOLL 1

So the patch is applied but epoll is not being used.

> Check that your system supports epoll (linux 2.6 kernel)
>
It's a 2.6.16 kernel - Fedora Core 4 linux.

> and make sure you have --enable-epoll as an option to configure.
>
Yup, that's enabled as well as --disable-poll.

I have modified the squid.spec file to run bootstrap.sh just before configure. Whilst this seems to be okay (bootstrap.sh runs okay; configure runs okay), I now get errors from the rpmbuild near the end:

    RPM build errors:
        File not found: /var/tmp/squid-2.5.STABLE13-root/etc/squid/mib.txt
        File not found: /var/tmp/squid-2.5.STABLE13-root/usr/share/squid

It seems that the bootstrap.sh script has changed something such that the file /usr/src/redhat/BUILD/squid-2.5.STABLE13/src/Makefile changes from containing

    DEFAULT_MIB_PATH = $(sysconfdir)/mib.txt

to

    DEFAULT_MIB_PATH = $(datadir)/mib.txt

I'm not really familiar with the aclocal/autoconf/automake commands so this will need a bit of investigating to see why the file location has changed.

John.

--
---
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]
Fax: +44 (0)1752 233839
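The two checks described in the message above can be scripted against a configured build tree. This is an added example, not part of the original message or the Squid sources; the function names are assumptions, while the files inspected (include/autoconf.h and src/Makefile) are the ones named in the message.

```shell
#!/bin/sh
# Added example: inspect a configured Squid build tree for the two
# symptoms discussed in this thread. Function names are hypothetical.

# epoll_enabled BUILD_DIR
# Succeeds only if include/autoconf.h has an active "#define HAVE_EPOLL 1".
# A line such as "/* #undef HAVE_EPOLL */" does not count.
epoll_enabled() {
    hdr="$1/include/autoconf.h"
    [ -r "$hdr" ] || return 2
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_EPOLL[[:space:]]+1([[:space:]]|$)' "$hdr"
}

# mib_path_var BUILD_DIR
# Prints the make variable (sysconfdir, datadir, ...) that
# DEFAULT_MIB_PATH is built from in src/Makefile.
mib_path_var() {
    mk="$1/src/Makefile"
    [ -r "$mk" ] || return 2
    sed -n 's/^DEFAULT_MIB_PATH[[:space:]]*=[[:space:]]*\$(\([A-Za-z_]*\)).*/\1/p' "$mk" | head -n 1
}

# check_build BUILD_DIR
# Prints a one-line summary of both checks.
check_build() {
    if epoll_enabled "$1"; then e=yes; else e=no; fi
    m=$(mib_path_var "$1") || m=unknown
    echo "epoll=$e mib_dir=${m:-unknown}"
}

# Usage: sh check_build.sh /usr/src/redhat/BUILD/squid-2.5.STABLE13
if [ "$#" -gt 0 ]; then
    check_build "$1"
fi
```

Running it after configure and before the long compile step shows whether the epoll define was picked up and whether the %files list in the spec still matches where mib.txt will be installed.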
[squid-users] squid with client persistance ?
Hello,

I'm trying to set up squid in front of 3 ZeoClients (ZopeInstances). When I configure squid with 1 cache-peer, it works well; but when I try to add the other 2 cache-peers, sometimes I lose session information because I think Squid is not maintaining backend server persistence based on client IP. Do you know why this can be? Perhaps I haven't configured Squid correctly. Here is the cache-peer configuration:

    cache_peer 127.0.0.1 parent 8080 3130 no-digest no-netdb-exchange round-robin
    cache_peer 127.0.0.1 parent 8081 3131 no-digest no-netdb-exchange round-robin
    cache_peer 127.0.0.1 parent 8082 3132 no-digest no-netdb-exchange round-robin
    client_persistent_connections on
    server_persistent_connections on

Best regards,
Oskar

--
Oskar Casquero Oiarzabal
Analista Campus Virtual
Universidad del Pais Vasco / Euskal Herriko Unibertsitatea (UPV/EHU)
Biblioteca central - Campus de Leioa
C.P. 48940 - Barrio Sarriena, s/n - LEIOA
Teléfono: 94 601 3571 - Fax: 94 601 2327
e-mail: [EMAIL PROTECTED]
[squid-users] Squid acl containing hostnames issue
Hello

I work in a secondary school with 5 IT suites, each with 20-30 computers. I have created an acl for each room containing the hostnames of the machines. For example, an acl called R32 for room 32 contains:

    R32001
    R32002
    ...
    R32030

If I set this acl to deny, not all machines are denied access, only a random group within the room.

I originally ran a GNU/Linux dhcp server to allocate static IPs to all network machines and then created acl's based on the IP ranges of machines in each room. This worked perfectly, but now Research Machines, who "support" us, have demanded I remove the GNU/Linux dhcp server, otherwise they will not "support" our installation. I am therefore looking for the easiest and most time-effective method of blocking rooms when required. Hostnames seemed to be the best way.

Any ideas on this issue?

Thanks
Jason
[squid-users] Restart Squid
Should I restart Squid after I make some acl entries in squid.conf

--
Harish Pokharel
Re: [squid-users] Filtering SMTP & POP3
On 26.05.06 01:55, Feris Thia wrote:
> Is there anyway to use SQUID to filter outgoing SMTP message & POP3 ?

No. SQUID is HTTP proxy, and only supports HTTP clients. SQUID does not support SMTP nor POP3 protocols.

I think this should be put into section 1.1 of Squid FAQ, and also onto web page.

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
Re: [squid-users] cache storage problem? (squid 3)
> On 5/25/06, Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote:
> >this may be an IRQ conflict, or bad drivers for SCSI/net card.
>
> I doubt it, but I'll test on another system to see if the problem
> persists...

Is that on linux? Try checking /proc/interrupts. Maybe reordering PCI cards would help a bit.

Do you use 32 or 64bit architecture? With 32bit, you probably can't use more than one (or two?) GB of data segment per process, which may also cause some more load...

> >> >> The occurrence of these error messages correlate with a large jump in
> >> >> CPU usage by squid. Is there a known reason for this?
> >
> >May be caused by the fact squid searches for valid cache_dir
>
> I'm starting to believe the same thing.

Squid probably tries to find out which objects to purge from memory cache, and then it decides where to save them. Also, it has to purge some objects off the disk, which, in the case of big memory and a relatively small disk cache, results in much CPU processing.

Now, first I would try to decrease cache_mem to one half (51MB is still MUCH) and increase cache_dirs' sizes.

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.
Re: [squid-users] Filtering SMTP & POP3
* On 26/05/06 01:55 -0400, Feris Thia wrote:
| Is there anyway to use SQUID to filter outgoing SMTP message & POP3 ?
|
| I need to filter if there's attachment that more than n bytes... or
| total messages larger than n bytes won't be routed. Is it possible ??
| Or if SQUID is not the solution... can someone refer to me what the
| appropriate solution ?

Look beyond squid . into an SMTP server. I suggest Exim (http://www.exim.org)

-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
Odhiambo Washington <[EMAIL PROTECTED]>
Wananchi Online Ltd. www.wananchi.com
Tel: +254 20 313985-9 +254 20 313922
GSM: +254 722 743223 +254 733 744121

Labor, n.: One of the processes by which A acquires property for B.
-- Ambrose Bierce, "The Devil's Dictionary"