Package: squid3 Version: 3.1.6-1.2+squeeze2 Severity: important
Our proxy serves some 300+ users. Recently we moved to Debian Squeeze with Squid 3, however are not satisfied with the performance at all: sometimes Squid 3 process consumes over 5GB memory itself, so that with other services (Dansguardian, ClamAV), even 6GB of RAM is not enought and the machine starts swapping heavily (even over 2GB) and web pages stop being served (DOS). This happens few times per week. Usually the Squid 3 process is well over 3GB in size! Before, we used a Debian Lenny with Squid (2.x) and there has never been problem like this, despite machine having only 4GB of RAM. Now it seems that at least 8GB would be necessarry, however this is unacceptable and we consider switching back to Squid 2.x instead. -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=sk_SK.UTF-8, LC_CTYPE=sk_SK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages squid3 depends on: ii adduser 3.112+nmu2 add and remove users and groups ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib ii libcap2 1:2.19-3 support for getting/setting POSIX. ii libcomerr2 1.41.12-4stable1 common error description library ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libexpat1 2.0.1-7 XML parsing C library - runtime li ii libgcc1 1:4.4.5-8 GCC support library ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstra ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3 ii libxml2 2.7.8.dfsg-2+squeeze3 GNOME XML library ii logrotate 3.7.8-6 Log rotation utility ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii netbase 4.45 Basic TCP/IP networking system ii squid3-common 3.1.6-1.2+squeeze2 A full featured Web Proxy cache (H squid3 recommends no packages. Versions of packages squid3 suggests: pn resolvconf <none> (no description available) pn smbclient <none> (no description available) pn squid-cgi <none> (no description available) pn squidclient <none> (no description available) -- Configuration Files: /etc/logrotate.d/squid3 changed: /var/log/squid/*.log { daily compress delaycompress rotate 7 missingok nocreate sharedscripts postrotate test ! -e /var/run/squid3.pid || /usr/sbin/squid3 -k rotate endscript } /etc/squid3/squid.conf changed: acl manager proto cache_object acl localhost src 127.0.0.1/32 195.80.161.10/32 10.6.0.4/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT follow_x_forwarded_for allow localhost follow_x_forwarded_for deny all http_access allow localnet http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access allow localhost http_access deny all http_port 127.0.0.1:8080 http_port 10.6.0.4:8080 hierarchy_stoplist cgi-bin ? maximum_object_size_in_memory 256 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/spool/squid 40000 16 256 maximum_object_size 740 MB access_log /var/log/squid/access.log squid log_mime_hdrs on cache_log /var/log/squid/cache.log coredump_dir /var/spool/squid3 ftp_list_width 48 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 quick_abort_max -1 KB quick_abort_pct 90 store_avg_object_size 64 KB request_header_access From deny all request_header_access Referer deny all request_header_access Server deny all cache_effective_group proxy httpd_suppress_version_string on delay_pools 5 err_html_text <a href="mailto:ad...@banskabystrica.sk> E-mail administratora </a> dns_timeout 1 minutes memory_pools off memory_pools_limit 24 MB forwarded_for truncate acl work_time time M-F 7:00-17:00 acl weekend_time time A-S acl fast_files url_regex -i .deb .nup .htm .html acl slow_files url_regex -i .ftp .mp3 .zip .mov .mpeg .rar .avi .raw .wav .rm .qt .ram .iso .mpg .mpe .asf .ogg .wmv .wma .flv acl documents url_regex -i .txt .pdf .doc .dot .xls .xlt .pps .ppt .rtf .sxw .stw .sxc .stc .sxi .sti .odt .ott .ods .ots .odp .otp .odg .otg .js .jsp .jspx .css .png .gif acl fast_domains_a dstdomain .banskabystrica.sk .slovenska.sk .virtualne.sk .katasterportal.sk .microsoft.com .windowsupdate.com fpdownload.macromedia.com .debian.org acl fast_domains_b dstdomain eb.dexia.sk .corageo.sk .banskabystrica.eu mozilla2.mirrors.tds.net ftp-mozilla.netscape.com sunsite.rediris.es mozilla.isc.org ftp.linux.cz acl fast_domains_c dstdomain .dashofer.sk download.opensuse.org .novell.com .mediacapitol.com .gisplan.sk .hp.com acl fast_servers dst 195.28.70.134 acl slow_domains1 dstdomain .rapidshare.com .czshare.com .uloz.to .vimeo.com .megauploads.com .zenoswarbirdvideos.com .helldata.com .patricksaviation.com delay_class 1 2 delay_parameters 1 1700000/2000000 1250000/1500000 delay_access 1 allow fast_files delay_access 1 allow fast_domains_a delay_access 1 allow fast_domains_b delay_access 1 allow fast_servers delay_access 1 deny all delay_class 2 2 delay_parameters 2 250000/500000 100000/250000 delay_access 2 allow slow_files delay_access 2 allow slow_domains1 delay_access 2 deny all delay_class 3 2 delay_parameters 3 -1/-1 -1/-1 delay_access 3 allow weekend_time delay_access 3 deny all delay_class 4 2 delay_parameters 4 500000/830000 200000/500000 delay_access 4 allow work_time delay_access 4 allow localhost delay_access 4 allow fast_files delay_access 4 allow documents delay_access 4 deny all delay_class 5 2 delay_parameters 5 833000/833000 500000/500000 delay_access 5 allow !work_time delay_access 5 deny all -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org