Re: [squid-users] performance datas for Squid
>For this 15-25MB/s, do you mean bits or bytes? Thanks bits >Thanks John. for small files, why don't use GDSF on both locations? I can't remember exactly - I'll probably compare them both again soon. J 2008/12/7 Ken DBA <[EMAIL PROTECTED]>: > > > > --- On Sun, 12/7/08, john Moylan <[EMAIL PROTECTED]> wrote: > >> From: john Moylan <[EMAIL PROTECTED]> > >> GDSF on disk, LRU on >> Memory. >> > > Thanks John. for small files, why don't use GDSF on both locations? > > > >> that's serving >> between >> 15-25Mb/s of outbound traffic. >> > > > For this 15-25MB/s, do you mean bits or bytes? Thanks. > > > Ken. > > > >
Re: [squid-users] Routing requests issues in hierarchy setup
ons 2008-12-03 klockan 20:09 -0200 skrev Lucas Brasilino: > I'm getting puzzled with routing requests with Squid 2.7STABLE5 and how > 'always_direct' and 'never_direct' works. always_direct allow means that this Squid MUST NOT use any cache_peer while forwarding the request, instead it must go to the requested server. never_direct allow (unless always_direct allow is also in effect) means the opposite. That this Squid MUST use a cache_peer while forwarding the request and MUST NOT go directly to the requested server itself. > Basically I'd > like to route a requests with a specific extension to another squid > instance, including requests to your domain, or only outside requests? I guess this was answered by your config example.. requests for foo.bar.com with specific extensions. > requests to my domain to go directly and outside > requests go through my parent proxys. > acl bar dstdomain .bar.com > acl foo dstdomain foo.bar.com > acl caching_tier2 url_regex -i (\.css|\.jar|\.png|\.gif|\.jpg|\.js)$ > cache_peer_access tier2 allow caching_tier2 foo > cache_peer_access tier2 deny all > always_direct allow !caching_tier2 bar > never_direct allow all Here is a slight mismatch. To tier2 you send only caching_tier2 in foo.bar.com but you allow the following going direct !caching_tier2 in .bar.com This means that caching_tier2 in .bar.com except for foo.bar.com will go to the parent proxies as it's not allowed to go direct, not allowed to go via tier2 and not excluded from going via the parents. Additionally > cache_peer_access proxy1 deny caching_tier2 foo says that any requests in bar except for foo or where always_direct is in effect may be sent via the parents, which further adds to the confusion.. > Since 'allow' match of 'always_direct' goes directs, any request to > domain 'bar.com' which doesn't matches > 'caching_tier2' ACL should go direct. But what is happening is: > > request to http://foo.bar.com/something.jpg => routed to tier2 => OK > request to http://other.bar.com/ => routed to parents => NOT OK! > request to http://outside.world.com/ => routed to parents => OK! > > So...Where am I messing things up ?? :-) Probably you want cache_peer_access tier2 allow caching_tier2 foo never_direct allow caching_tier2 foo cache_peer_access proxy[1234] allow !bar [repeat per proxy1234] never_direct allow !bar which says that caching_tier2 in foo.bar.com must go via tier2 (excluded from proxy[1234] as foo is also in bar) anything except .bar.com must be sent to the parents. .bar.com except caching_tier2 goes direct as they are excluded from both tier2 and the parents. Regards Henrik
Re: [squid-users] why http code status is 0 when tcp_hit:none ?
tor 2008-12-04 klockan 15:42 +0800 skrev William Hanwoody: > squid log: > 218.108.56.170 - - [03/Dec/2008:20:01:08 +0800] > 6582 "GET /public/js/livecast/function.js HTTP/1.1" 0 > 0 "http://xxx.com.cn/livecast/k/live.php?id=313"; "Mozilla/4.0 (compatible; > MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" > TCP_HIT:NONE It means the request was aborted before Squid could send the response header. There is a slight delay in HIT processing coming from the disks as it takes time to open disk files. If the client aborts in this time window then you see log entries like this. Regards Henrik
Re: [squid-users] Understanding Expect 100 default setting
tor 2008-12-04 klockan 11:45 + skrev Paul Cocker: > What I'm looking for is a brief, technical explanation of why this > setting defaults to off rather than on. I didn't really get from that > thread why the defaults were the way they were, especially as the > behaviour described with the Expect 100 wasn't in violation of spec, > just unusual. Sending Expect: 100 in an request is encouraged by the RFC, but the applications doing this SHOULD be prepared to see 417 Expectation Failed responses due to the expect and then retry the request without the expectation. The reason for this in HTTP is because the 100 Continue interim response code is a new feature in HTTP/1.1 and only supported in HTTP/1.1. If there is HTTP/1.0 paths involved or even most HTTP/1.1 proxies knowing the next hop is HTTP/1.0 or otherwise not capable of forwarding 100 Continue responses then the only way of telling the client that 100 Continue won't be seen is by rejecting the request with a 417 Expectation Failed response. The 417 Expectation Failed message really is "Sorry, you said you want to see a 100 Continue response before sending the rest of the response. Due to various reasons 100 Continue can't be supported here. Please retry the request without expecting a 100 Continue response". Now the dirty parts.. As Expect also wasn't known until late HTTP/1.1 (RFC2616) clients who use this should also handle the silent case that the Expect header is ignored, just as they did in HTTP/1.0 or early HTTP/1.1.. Because of this it in most cases works to simply ignore the 100 Continue expectation, but there is no guarantee as the HTTP/1.0 woraround is both optional and only applies when the client may suspect there is HTTP/1.0 hops in the request path.. > We had a problem which was solved by this setting, and I want to be in a > position to explain why things were setup in a way which caused this > issues to occur. In short, caused by a slightly broken client who can't deal properly with HTTP/1.0 hops in the request path, failing the request instead of retrying without the expectation when seeing a 417 response. Unfortunately this isn't spelled out clearly enough in RFC2616 unless you cross read the client requirements with the proxy requirements. Regards Henrik
Re: [squid-users] squid_ldap_group against nested groups/Ous
mån 2008-11-24 klockan 13:04 -0800 skrev Mike Ely: > directly a member of the acl group. What I need to do is be able to use > nested groups. (Sorry, it looks like I've stated this two different ways) nested groups unfortunately does not map very well to LDAP, and is not supported by squid_ldap_group. A nested group lookup via LDAP involves retreiving the whole group membership, looking for groups and then retreiging those groups, recursively until no further subgroups is found. In MS AD it may work doing the lookup the opposite way, querying if the user has the group listed in his user object. At least worth a try. The easiest way to see if this is the case is to use ldapserach to inspect the user object, or any other LDAP browser capable of querying you AD tree. Regards Henrik
Re: [squid-users] Fwd: website problem via squid
mån 2008-11-24 klockan 17:46 -0600 skrev Joe Pukepail: > Hello, > I'm having problems with www.morgankeegan.com especially this page > http://www.morgankeegan.com/ECM/ECMHome.htm when accessed through > squid. When we attempt to view this site it does not finish rendering > (we are using IE, have tested it with 6.0 and 7.0). I have checked to > see if it is there was any java trying to connect directly, have setup > a test system with a bare config (normally we use NTLM) and have not > been able to find out what is different about this site. Sounds like the site is behind a broken firewall crashing TCP Window Scaling. http://wiki.squid-cache.org/KnowledgeBase/BrokenWindowSize Regards Henrik
Re: [squid-users] Number of Spindles
mån 2008-12-01 klockan 11:33 +1300 skrev Amos Jeffries: > > sön 2008-11-30 klockan 09:56 +0600 skrev Nyamul Hassan: > > > >> "The primary purpose of these tests is to show that Squid's performance > >> doesn't increase in proportion to the number of disk drives. Excluding > >> other > >> factors, you may be able to get better performance from three systems > >> with > >> one disk drive each, rather than a single system with three drives." > > > > There is a significant difference up to 3 drives in my tests. > > > > Um, can you clarify please? Do you mean difference in experience than > described, or separate systems are faster up to 3 drives? 3 separate systems each with one drive each is faster than one system with 3 drives. No arguing about that. But also considerably more costly. What I am saying that for tuning one system there is noticeable performance gains from adding at least up to 3 spindles for the cache content. Actually you want 4 spindles for such setup, 3 for cache and 1 for OS + logs (including swap.state). After that there is not much to gain from adding additional spindles. This is using plain drives without RAID. If you RAID the drives then other limits apply, and varies greatly with the RAID controller, type of OS, tuning, amount of RAM etc.. Regards Henrik
Re: [squid-users] Number of Spindles
lör 2008-12-06 klockan 08:06 -0500 skrev Adrian Chadd: > I thought that the storedir page listed the number of objects in the > cache. It does. Regards Henrik
Re: [squid-users] Squid Fails on Reconfigure
tis 2008-12-02 klockan 09:40 -0500 skrev Rick Chisholm: > I'm having a recurring issue with squid 2.7STABLE5 on FreeBSD 6.3 - part > of the problem is that I cannot pinpoint the cause. Often (though not > always) when squid -k reconfigure is run squid goes a bit haywire and > maxes out one core and becomes unresponsive to connections. Please attach gdb to the process and print out a stack backtrace to figure out what it's doing. cat /usr/local/squid/logs/squid.pid gdb /usr/local/squid/sbin/squid gdb> backtrace then file a bugreport with the output. is the number returned by the command above.. Trying "squid -k debug" to get more detailed output in cache.log is also worthwhile, but begin with the backtrace. Regards Henrik
Re: [squid-users] Squid3 + Digestauth agains a HTTP/FTP ntlm site aware
ons 2008-12-03 klockan 12:37 -0600 skrev Luis Daniel Lucio Quiroz: > In sites such as ftp://partnerweb.trendmicro.com.br using squid it fails. It > seems that this site use NTLM and squid get confuses about authentication > user > for squid and then authenticating site using NTLM. No Squid version supports other than plain-text authentication to ftp:// servers. To authenticate to ftp sites the user must use URLs like ftp://[EMAIL PROTECTED]/ or ftp://user:[EMAIL PROTECTED]/ as ftp:// URLs without account information is defined by the ftp:// URL standard as anonymous FTP only. Regards Henrik
Re: [squid-users] Regex Problem - Squid 3.0STABLE10
ons 2008-12-03 klockan 18:43 +1300 skrev Amos Jeffries: > Is there someone with expertise in the types of regex. Who can say > whether or not the pcre library is capable of seamlessly handling the > old basic regex patterns as well as the pcre patterns? PCRE only hanles Perl regex, not POSIX regex (neither basic or extended). While PCRE is mostly compatible with POSIX regex there is some subtle differences in more advanced corner cases. But most probably prefer Perl regex syntax anyway.. Both better documented, more consistent and easier to type.. Regards Henrik
Re: [squid-users] SSL on Squid 2.7 Windows
ons 2008-12-03 klockan 06:25 -0800 skrev TheoB: > I have a running http reverse proxy setup. Now I want to add SSL. > > The first thing I try is to make squid listening on port 443: > > https_port 192.168.1.151:443 accel cert=C:/squid/ssl/xxx.pem > key=C:/squid/ssl/xxx.pem defaultsite=mirror.xxx.com vhost looks fine. > Squid starts but is not listening on 192.168.1.151:443. In the log I see no > indication that squid tries to set up an https listener. Is there any relevant warnings in cache.log? Do the pem file contain the certificate + unencrypted key? (for encrypted keys you need additional directives telling Squid how to get the key encryption password) Also try starting Squid "interactively" from a command window: /squid/sbin/squid -n squid -DNYCd3 Regards Henrik
Re: [squid-users] NTLM Password Cache on Squid ?
ons 2008-12-03 klockan 18:13 +0100 skrev Phibee Network Operation Center: > - We use Squid with Windbind/NTLM auth > > - When we change a password on the Active Directory, > squid don't see the change before a lot of hours ... As others already said it's an AD feature to make sure the Windows networking continue to working when the user changes his password while logged in. For a while both old and new password is accepted. Or at least that's my understanding. Regards Henrik
Re: [squid-users] Sign out
tor 2008-12-04 klockan 11:41 -0600 skrev [EMAIL PROTECTED]: > Why didn't you just give me the answer instead of a lesson? I still have to > write yet again now. Please do, as I have no clue what your question was. It got deleted when deleting the thread you "responded" to. So klick on "New message" and type your question again. Regards Henrik
Re: [squid-users] Current List of Good Analysis Tools?
tor 2008-12-04 klockan 09:50 -0800 skrev Mike Ely: > Am wondering what folks out there are using for squid analysis. Our current > need is for something that breaks usage down by user, preferably with > manager-friendly purty graphs. > > The list at http://www.squid-cache.org/Scripts/ is pretty badly out of date, > with lots of broken links and software that hasn't been maintained for years Please send any broken links to [EMAIL PROTECTED] The fact that a software hasn't been maintained in a long time does not need to be a bad sign in this case. If the software fulfills the needs of the author there generally is very little need to change it.. > I've gone through all of the projects there and, while some of > them are pretty close, I'd like to seek the opinion of the people in here - > is there something not on that list that you're using for this purpose? I can't really comment as I don't run such detailed statistcs.. Regards Henrik
[squid-users] Re: squid_ldap_group against nested groups/Ous
I did implement recursive group search in squid_kerb_ldap at http://sourceforge.net/project/showfiles.php?group_id=196348. Markus "Henrik Nordstrom" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] mån 2008-11-24 klockan 13:04 -0800 skrev Mike Ely: directly a member of the acl group. What I need to do is be able to use nested groups. (Sorry, it looks like I've stated this two different ways) nested groups unfortunately does not map very well to LDAP, and is not supported by squid_ldap_group. A nested group lookup via LDAP involves retreiving the whole group membership, looking for groups and then retreiging those groups, recursively until no further subgroups is found. In MS AD it may work doing the lookup the opposite way, querying if the user has the group listed in his user object. At least worth a try. The easiest way to see if this is the case is to use ldapserach to inspect the user object, or any other LDAP browser capable of querying you AD tree. Regards Henrik
[squid-users] What does storeClientCopyEvent mean?
Hi there, Squid is pegging CPU to 100% with "storeClientCopyEvent" and hit service time soar up to server seconds here. The following is what I see in cachemgr:events: OperationNext ExecutionWeightCallback Valid? storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent-0.019010 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes storeClientCopyEvent0.00 seconds0yes MaintainSwapSpace0.980990 seconds1N/A idnsCheckQueue1.00 seconds1N/A ipcache_purgelru5.457004 seconds1N/A wccp2HereIam5.464900 seconds1N/A fqdncache_purgelru5.754399 seconds1N/A storeDirClean10.767635 seconds1N/A statAvgTick59.831274 seconds1N/A peerClearRR110.539127 seconds0N/A peerClearRR279.341239 seconds0N/A User Cache Maintenance1610.136367 seconds1N/A storeDigestRebuildStart1730.225879 seconds1N/A storeDigestRewriteStart1732.267852 seconds1N/A peerRefreshDNS1957.777934 seconds1N/A peerDigestCheck2712.910515 seconds1yes So what does "storeClientCopyEvent" mean? Is it disk IO cause this problem? Regards, Liu
Re: [squid-users] Squid Fails on Reconfigure
lör 2008-12-06 klockan 14:52 -0500 skrev Rick Chisholm: > there might be a common denominator here - this is happening on a Dell > SC1435, dual-core Opteron 2212... maybe it's an AMD thing. That may > change my plans for another server. Unlikely. More likely something else. Regards Henrik
Re: [squid-users] SSL on Squid 2.7 Windows
Thanks a lot! The problem was the ssl cert in the pem format, after getting this right everything works as it should! First I did export the cert (mmc using the Certification Snap In) export, without select the strong authentication option, and including the private key. I than processed the resulting in.pfx file with: openssl pkcs12 -in in.pfx -out out.pem Doing this I had to enter a pass phrase. Next I had to remove the pass phrase again: openssl rsa -in key.pem -out keyout.pem But after that the private key was missing. So the last step was to add the private key again using a text editor. There is probably a smarter way to do this. Theo Henrik Nordstrom-5 wrote: > > ons 2008-12-03 klockan 06:25 -0800 skrev TheoB: >> I have a running http reverse proxy setup. Now I want to add SSL. >> >> The first thing I try is to make squid listening on port 443: >> >> https_port 192.168.1.151:443 accel cert=C:/squid/ssl/xxx.pem >> key=C:/squid/ssl/xxx.pem defaultsite=mirror.xxx.com vhost > > looks fine. > >> Squid starts but is not listening on 192.168.1.151:443. In the log I see >> no >> indication that squid tries to set up an https listener. > > Is there any relevant warnings in cache.log? > > Do the pem file contain the certificate + unencrypted key? > > (for encrypted keys you need additional directives telling Squid how to > get the key encryption password) > > Also try starting Squid "interactively" from a command window: > > /squid/sbin/squid -n squid -DNYCd3 > > Regards > Henrik > > > -- View this message in context: http://www.nabble.com/SSL-on-Squid-2.7-Windows-tp20813896p20882109.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] problemas con el proxy padre
al configurar el proxy padre, es decir el proxy que me da el acceso a internet me esta dando problemas de configuracion: cache peer: 192.168.10.20 3128 proxy only cache meen: 192.168.10.25 3128 proxy only Kevin G?mez Rodriguez Facultad de Ciencias Medicas Matanzas "El placer es la persecuci?n" --- Red Telematica de Salud - Cuba CNICM - Infomed
Re: [squid-users] Squid Fails on Reconfigure
Thx Henrik - I will try that when it happens again. Henrik Nordstrom wrote: > tis 2008-12-02 klockan 09:40 -0500 skrev Rick Chisholm: > Please attach gdb to the process and print out a stack backtrace to > figure out what it's doing. > > > cat /usr/local/squid/logs/squid.pid > gdb /usr/local/squid/sbin/squid > gdb> backtrace > > then file a bugreport with the output. > > is the number returned by the command above.. > > > Trying "squid -k debug" to get more detailed output in cache.log is also > worthwhile, but begin with the backtrace. > > Regards > Henrik > > -- Rick Chisholm sysadmin Parallel42 e. [EMAIL PROTECTED] m. 519-325-8630 w. www.parallel42.ca
Re: [squid-users] Number of Spindles
lör 2008-12-06 klockan 08:06 -0500 skrev Adrian Chadd: I thought that the storedir page listed the number of objects in the cache. It does. I can't seem to decipher which statistic value indicates the number of objects in each of the cache_dir. Would appreciate if you could help me here. A saved copy of the "Storage Directory Stats" page on my running system below: http://cartes.ispros.com.bd/squid/store_dir.html Also, when I used LRU on AUFS, it showed the LRU Ref Age, but when I changed it to LFUDA, it no longer shows the age of the oldest item in the cache. :( Regards Henrik Regards HASSAN
Re: [squid-users] How to interrupt ongoing transfers?
Hi Adrian, Thanks a lot for your prompt reply. Actually, I need to implement the quota system as a part of my final year Engineering project. I am planning to make it as a sort of an add-on package over Squid, which will be compatible with all current versions of Squid. As you can see, modifying the Squid source code is not an option for me. Please let me know if there is any way (or workaround) by which I can interrupt ongoing transfers in current versions of Squid without having to patch & rebuild it. Thanks & Regards, Kaustav - Original Message From: Adrian Chadd <[EMAIL PROTECTED]> To: Kaustav Dey Biswas <[EMAIL PROTECTED]> Cc: Squid Sent: Saturday, 6 December, 2008 12:28:10 AM Subject: Re: [squid-users] How to interrupt ongoing transfers? Someone may beat me to this, but I'm actually proposing a quote to a company to implement quota services in Squid to support stuff just like what you've asked for. I'll keep the list posted about this. Hopefully I'll get the green light in a week or so and can begin work on implementing the functionality in Squid-2. Thanks, Adrian 2008/12/5 Kaustav Dey Biswas <[EMAIL PROTECTED]>: > Hi, > > I am a squid newbie. I am trying to set up daily download quotas for NCSA > authorized users. I have a daemon running which checks the log files, and > whnever the download limit is reached (for a particular user), it blocks that > user in the config and reconfigures squid (squid -k reconfigure) for the > changes to take effect. > > The problem is, if an http/ftp transfer is on (for that user), the changes > made in the config doesnt take effect until that transfer session completes. > > Is there any way I can interrupt the transfer somehow (or say, force squid to > re-read its ACL) without affecting sessions of other users? > > Thanks & Regards, > Kaustav Dey Biswas Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
Re: [squid-users] Number of Spindles
sön 2008-12-07 klockan 23:30 +0600 skrev Nyamul Hassan: > > lör 2008-12-06 klockan 08:06 -0500 skrev Adrian Chadd: > >> I thought that the storedir page listed the number of objects in the > >> cache. > > > > It does. > > > I can't seem to decipher which statistic value indicates the number of > objects in each of the cache_dir. Would appreciate if you could help me > here. A saved copy of the "Storage Directory Stats" page on my running > system below: > http://cartes.ispros.com.bd/squid/store_dir.html Host not found... > Also, when I used LRU on AUFS, it showed the LRU Ref Age, but when I changed > it to LFUDA, it no longer shows the age of the oldest item in the cache. :( Correct. LFUDA does not have a "oldest". We could show the LFUDA weight of the "least interesting" object, but it's kind of pointless.. Regards Henrik
Re: [squid-users] How to interrupt ongoing transfers?
mån 2008-12-08 klockan 00:31 +0530 skrev Kaustav Dey Biswas: > Actually, I need to implement the quota system as a part of my final > year Engineering project. I am planning to make it as a sort of an > add-on package over Squid, which will be compatible with all current > versions of Squid. As you can see, modifying the Squid source code is > not an option for me. There is no builtin feature in Squid to selectively abort active requests. Modifying the Squid source will be required for this. > Please let me know if there is any way (or workaround) by which I can > interrupt ongoing transfers in current versions of Squid without > having to patch & rebuild it. I guess you could do it at the network layer by faking RST packets to Squid or the client, but it's harder and more error prone than extending Squid. Regards Henrik
Re: [squid-users] Number of Spindles
sön 2008-12-07 klockan 20:48 +0100 skrev Henrik Nordstrom: > sön 2008-12-07 klockan 23:30 +0600 skrev Nyamul Hassan: > > > lör 2008-12-06 klockan 08:06 -0500 skrev Adrian Chadd: > > >> I thought that the storedir page listed the number of objects in the > > >> cache. > > > > > > It does. > > > > > I can't seem to decipher which statistic value indicates the number of > > objects in each of the cache_dir. Would appreciate if you could help me > > here. It's the first number in "Filemap bits in use: 1849478 of 2097152 (88%)" The second number and % can be pretty much ignored. Doesn't mean anything meaningful outside the Squid sources. Regards Henrik
Re: [squid-users] Number of Spindles
It's the first number in "Filemap bits in use: 1849478 of 2097152 (88%)" Wow, thanx! Is there some similar value displayed for COSS storages also? Correct. LFUDA does not have a "oldest". We could show the LFUDA weight of the "least interesting" object, but it's kind of pointless.. Ok. Then, for LFUDA, is there a way to tell how often the cache is being revised entirely? I mean, to increase Byte Hit Ratio, what I've read so far, they say that it keeps improving at a decreasing rate, till around 25 - 30 days, after which no change is noticeable at all. So, it would be nice to figure out how old the data in my cache is. Any pointers? Regards HASSAN
Re: [squid-users] Number of Spindles
mån 2008-12-08 klockan 04:10 +0600 skrev Nyamul Hassan: > Ok. Then, for LFUDA, is there a way to tell how often the cache is being > revised entirely? There is no such thing for any of the policies. In all of the policies the cache is gradually replaced as needed by removing what the policy considers being the least interesting object. > I mean, to increase Byte Hit Ratio, what I've read so > far, they say that it keeps improving at a decreasing rate, till around 25 - > 30 days, after which no change is noticeable at all. So, it would be nice > to figure out how old the data in my cache is. Any pointers? Sorry, when not using LRU it's not easy to see without clearing your cache unfortunately. Regards Henrik
Re: [squid-users] why http code status is 0 when tcp_hit:none ?
> tor 2008-12-04 klockan 15:42 +0800 skrev William Hanwoody: > > squid log: > > 218.108.56.170 - - [03/Dec/2008:20:01:08 +0800] > > 6582 "GET /public/js/livecast/function.js HTTP/1.1" 0 > > 0 "http://xxx.com.cn/livecast/k/live.php?id=313"; "Mozilla/4.0 > > (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR > > 3.0.04506.30)" TCP_HIT:NONE > > It means the request was aborted before Squid could send the response > header. > > There is a slight delay in HIT processing coming from the disks as it > takes time to open disk files. If the client aborts in this time window > then you see log entries like this. > > Regards > Henrik thanks for your reply. I have abserved squid logs at that time. When this happened, the response time of squid is often more than 30 seconds, and no other urls are abnormal. I suspect that cache of "http://xxx.com.cn/public/js/livecast/function.js"; has problem, and maybe it's a bug of squid. I didnot use disk as cache, but mem: cache_mem 1800 MB cache_dir null /data1/squid/var/cache and I often find abnormal output of squidclient: Memory usage for squid via mallinfo(): Total space in arena: -1980532 KB Ordinary blocks: -1987251 KB 50184 blks Small blocks: 0 KB 0 blks Holding blocks: 8840 KB 2 blks Free Small blocks: 0 KB Free Ordinary blocks: 6718 KB Total in use: -1978411 KB 100% Total free: 6718 KB 0% Total size: -1971692 KB here, memory size always is negative value? int overflow? and $squidclient -p 80 mgr:5min sample_start_time = 1228439560.788657 (Fri, 05 Dec 2008 01:12:40 GMT) sample_end_time = 1228444076.391143 (Fri, 05 Dec 2008 02:27:56 GMT) here, sample time is wrong.
Re: [squid-users] How to interrupt ongoing transfers?
There isn't. Sorry. Adrian 2008/12/7 Kaustav Dey Biswas <[EMAIL PROTECTED]>: > Hi Adrian, > > Thanks a lot for your prompt reply. > > Actually, I need to implement the quota system as a part of my final year > Engineering project. I am planning to make it as a sort of an add-on package > over Squid, which will be compatible with all current versions of Squid. As > you can see, modifying the Squid source code is not an option for me. > > Please let me know if there is any way (or workaround) by which I can > interrupt ongoing transfers in current versions of Squid without having to > patch & rebuild it. > > Thanks & Regards, > Kaustav > > > > - Original Message > From: Adrian Chadd <[EMAIL PROTECTED]> > To: Kaustav Dey Biswas <[EMAIL PROTECTED]> > Cc: Squid > Sent: Saturday, 6 December, 2008 12:28:10 AM > Subject: Re: [squid-users] How to interrupt ongoing transfers? > > Someone may beat me to this, but I'm actually proposing a quote to a > company to implement quota services in Squid to support stuff just > like what you've asked for. > > I'll keep the list posted about this. Hopefully I'll get the green > light in a week or so and can begin work on implementing the > functionality in Squid-2. > > Thanks, > > > > Adrian > > 2008/12/5 Kaustav Dey Biswas <[EMAIL PROTECTED]>: >> Hi, >> >> I am a squid newbie. I am trying to set up daily download quotas for NCSA >> authorized users. I have a daemon running which checks the log files, and >> whnever the download limit is reached (for a particular user), it blocks >> that user in the config and reconfigures squid (squid -k reconfigure) for >> the changes to take effect. >> >> The problem is, if an http/ftp transfer is on (for that user), the changes >> made in the config doesnt take effect until that transfer session completes. >> >> Is there any way I can interrupt the transfer somehow (or say, force squid >> to re-read its ACL) without affecting sessions of other users? >> >> Thanks & Regards, >> Kaustav Dey Biswas > > > > Add more friends to your messenger and enjoy! Go to > http://messenger.yahoo.com/invite/ > >
