Bom dia ao grupo. Estou tendo um grande problema com lentidão na navegação: de manhã começa bem, mas conforme vão entrando mais pessoas na Net o Squid vai ficando insuportavelmente lento. Estas são minhas configurações do Squid e do DansGuardian.
Meu servidor
Intel(R) Xeon(R) CPU E5530 @ 2.40GHz
8 GB Memoria
298 GB HD em Raid 1 onde esta Sistema Operacional
896 GB HD em Raid 5 onde esta o cache do Squid

Squid :

#
# Squid configuration file -- Stripped of comments for clarity
#
# There are actually two proxies running - 1 for Dansguardian
# (from localhost) and the other for the masses
# The transparent proxy is bound to the localhost IP and listens on 3128
# NOTE(review): the directive below binds Squid to 127.0.0.1:8080, not 3128;
# 3128 is DansGuardian's filterport further down. With Squid on loopback only,
# clients can reach it solely through DansGuardian, so the content filter
# cannot be bypassed by pointing a browser at Squid directly.
http_port 127.0.0.1:8080
# The following 7 lines are default Squid configuration
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# NOTE(review): cache_mem is larger than the 8 GB of RAM stated in the post.
# cache_mem only sizes the in-memory object cache; Squid's total footprint
# (disk-cache index, helpers, DansGuardian children) comes on top of it.
# Under load the host is likely to swap, which would match the reported
# slowdown as more users connect -- confirm with memory/swap statistics.
cache_mem 10 GB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
maximum_object_size 102400 KB
cache_swap_low 90
cache_swap_high 95
cache_access_log /cache/squid/access.log
cache_store_log none
#
# Cache Disk
#
# NOTE(review): every cache_dir line below names the same directory
# (/cache/squid). Separate cache_dir entries are meant to point at distinct
# directories; presumably only one 50000 MB store is really in use here --
# confirm against Squid's startup log (cache.log).
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache/squid 50000 64 256 Q1=64 Q2=72
# The following 3 lines configure NTLM authentication for browsers.
# This is the primary method used for proxy authentication
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
# NOTE(review): only 5 NTLM helper processes are started. Each NTLM handshake
# occupies a helper, so with many concurrent users requests may queue behind
# authentication -- check cache.log for helper-overload warnings.
auth_param ntlm children 5
auth_param ntlm keep_alive on
# This is a failsafe authentication in case the client application
# doesn't support NTLM. It uses Basic
# authentication and still authenticates off of the same ntlm_auth piece
# NOTE(review): Basic sends the username and password base64-encoded (not
# encrypted) with every request, so the same domain credentials checked by
# ntlm_auth cross the LAN in recoverable form whenever a client falls back
# to this scheme.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm WebProxy. Digite seu login e senha.
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# The following 25 lines are default Squid configuration
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
# acl
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# NOTE(review): CONNECT tunnels are opaque to the cache and to the content
# filter; SSL_ports is the only limit on where they may go, so keep this
# list to the ports the site actually needs.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
# These are custom configurations for our environment.
# First we are creating an ACL group for people who were
# authenticated by the NTLM
#acl ntlm_users proxy_auth REQUIRED
acl authenticated proxy_auth REQUIRED
# This is a generic ACL of valid IP addresses on our network
# that have access to the proxy
# Ex: acl our_networks src 192.168.0.0/24
#
# NOTE(review): the flattened paste does not show whether the 10.69.29.0/24
# entry directly below was active or commented out -- verify against the
# real file.
acl our_networks src 10.69.29.0/24
acl our_networks src 10.69.28.0/24
acl our_networks src 10.0.6.0/24
acl our_networks src 10.69.31.0/24
acl our_networks src 10.69.15.0/24
acl our_networks src 10.69.30.0/24
acl our_networks src 10.30.0.0/24
acl our_networks src 10.69.14.0/24
acl our_networks src 10.69.25.0/24
acl our_networks src 10.69.24.0/24
acl our_networks src 10.69.27.0/24
acl our_networks src 10.0.2.0/24
acl our_networks src 10.69.26.0/24
acl our_networks src 10.69.21.0/24
acl our_networks src 10.69.20.0/24
acl our_networks src 10.31.1.0/24
acl our_networks src 10.69.23.0/24
acl our_networks src 10.69.22.0/24
acl our_networks src 10.69.17.0/24
acl our_networks src 10.69.16.0/24
acl our_networks src 10.69.19.0/24
acl our_networks src 10.69.18.0/24
# NOTE(review): 11.0.0.0/8 is not RFC 1918 private space; it is publicly
# allocated address space. If it is used as an internal range here, this
# whole /8 is trusted by the ACL -- confirm that is intended and narrow it
# to the subnets actually in use.
acl our_networks src 11.0.0.0/8
# Some browsers don't support NTLM authentication. Rather
# than harass the user with pop-up's, we are excepting
# out known browser issues from the NTLM credentials.
# We know that Java generally does not support NTLM
# (although some newer versions may)
# NOTE(review): the browser ACL type matches the User-Agent header, which the
# client chooses. The rule that would use non_ntlm to skip authentication is
# commented out further down; it should stay that way, because such an
# exemption depends only on a header the client controls.
acl non_ntlm browser Java/1.4 Java/1.5 Java/1.6
# Oddly enough, Google's Chrome browser does not support NTLM
# authentication
acl non_ntlm browser Chrome
# The following 6 lines are default Squid configuration
# NOTE(review): Squid listens on loopback only and DansGuardian connects to it
# from 127.0.0.1 with forwardedfor = off (see below), so presumably every
# filtered request reaches Squid with source address 127.0.0.1. If so, the
# `localhost` ACL matches all users, not just this server -- confirm whether
# the manager and purge allowances below are meant to be that wide.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Now we're actually allowing appropriate users access the proxy.
# The first step is to except out the non_ntlm browsers that
# were defined above. This bypasses that authentication
# scheme before it gets to the allowance of ntlm_users
#http_access allow non_ntlm
http_access allow authenticated
# We want the localhost to be able to proxy
http_access allow localhost
# And finally, this is the line that allows anyone on
# our network, that has been authenticated by the NTLM piece to
# get through. It's not real intuitive, but it seems
# that it only authenticates the browser when it actually gets
# to this line. In other words, non_ntlm browsers that
# were allowed above don't get prompted.
# Note that any browser that bypasses the NTLM authentication
# will show up in the logs without a username.
# NOTE(review): the active rule below allows our_networks by source address
# alone; the variant that also required ntlm_users is commented out. Review
# the access log for requests without a username to confirm nothing gets
# through unauthenticated via this rule or `http_access allow localhost`.
#http_access allow our_networks ntlm_users
http_access allow our_networks
# Close the door: deny everything not allowed above
http_access deny all
# The following 4 lines are default Squid configuration
http_reply_access allow all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
visible_hostname web01
coredump_dir /var/spool/squid

Dansguardian :

reportinglevel = 3
languagedir = '/etc/dansguardian/share/dansguardian/languages'
language = 'portuguese'
loglevel = 2
logexceptionhits = 2
logfileformat = 1
loglocation = '/cache/dansguardian/access.log'
# NOTE(review): an empty filterip makes DansGuardian listen on every
# interface of the host; set it to the LAN-facing address if the server has
# other interfaces that should not offer the proxy.
filterip =
filterport = 3128
# Upstream proxy: the Squid instance bound to 127.0.0.1:8080 above.
proxyip = 127.0.0.1
proxyport = 8080
accessdeniedaddress = 'http://11.1.1.52/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/etc/dansguardian/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
# -1 disables the upload size limit.
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
# NOTE(review): temporary download files go to /tmp, a world-writable
# directory shared with every local user; a dedicated directory owned by the
# DansGuardian account would keep them out of reach of other accounts.
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
authplugin = '/etc/dansguardian/etc/dansguardian/authplugins/proxy-basic.conf'
authplugin = '/etc/dansguardian/etc/dansguardian/authplugins/proxy-ntlm.conf'
recheckreplacedurls = off
# NOTE(review): with forwardedfor = off DansGuardian does not pass the client
# address on, so Squid presumably logs and evaluates 127.0.0.1 for every
# request; the our_networks ACL in the Squid section then cannot match real
# clients. The per-client record lives in DansGuardian's own access.log.
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
# NOTE(review): maxchildren caps how many client connections are served at
# once. When all children are busy, new connections wait -- another
# candidate for the slowdown as the user count grows; check DansGuardian's
# log output for a message about reaching the child limit.
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
# NOTE(review): the three IPC socket files use fixed names in /tmp; as with
# filecachedir, a private directory avoids interference from other local
# accounts.
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'
