In article <[EMAIL PROTECTED]> you write:
>Hmmm. I relay everything going toward the Internet through a proxy in
>front of the firewall (single parent mode). I was under the impression
We used to have a TIS firewall toolkit http-gw on a bastion host as
parent for Squid but a) performance wasn't right (fork()ing for every
request; I fixed that myself by using the on-demand preforking of
http-gw children like Apache does) and b) contains lots of obscure bugs.
>that not one socksd is run per every GET. I may have been wrong, but it
>works nicely, admittadly in a small-medium environment.
I socksified Squid (see other message) and together with a optimized
socks daemon (which preforks child processes so no fork() overhead) we
a) got a tremendous performance improvement over http-gw and b) never
got hit by http-gw bugs anymore. We're doing 50-150 reqs/sec and I
wouldn't call that a small-medium environment :-).
Arjan
