Olá pessoal.
Gostaria de pedir ajuda aos colegas para tentar melhorar o cache do squid.
Verificando os logs, estão ocorrendo bastante acessos do tipo TCP_MISS
304 e 200. Será que é possível conseguir HIT's
Agradeço pela atenção.
Seque squid.conf
##########################
error_directory /usr/share/squid/errors/Portuguese
http_port 3128 transparent
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
half_closed_clients off
# colocar em cache o que estiver a partir de 25%
quick_abort_pct 25
# enviar para o cliente quando ja estiver 2k em buffer
read_ahead_gap 2 KB
# fecha as conexoes que ja estao dando que nao em dados para ler
half_closed_clients off
# esconder a versao do squid
httpd_suppress_version_string on
quick_abort_min -1 KB
minimum_object_size 1 KB
cache_mem 170 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 800 MB
cache_dir aufs /cache/squid 6048 10 50
cache_log /var/log/squid/cache.log
cache_store_log none
cache_swap_low 90
cache_swap_high 95
#dns_nameservers 201.10.128.3 201.10.120.3
# DNS Google
dns_nameservers 8.8.8.8 8.8.4.4
# Arquivo onde sao guardados os logs de acesso do Squid.
cache_access_log /var/log/squid/access.log
visible_hostname ns1
# O e-mail que o Squid envia como senha ao acessar um servidor
# FTP anonimo:
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100%
43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080
100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100%
43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi)
4320 100% 43200 reload-into-ims
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i exe$ 0 50% 999999
refresh_pattern -i .jpg 0 50% 999999
refresh_pattern -i .gif 0 50% 999999
refresh_pattern -i .htm 0 50% 999999
refresh_pattern -i .html 0 50% 999999
refresh_pattern -i .jsp 0 50% 999999
refresh_pattern -i .css 0 50% 999999
refresh_pattern -i .ico 0 50% 999999
refresh_pattern -i .js 0 50% 999999
refresh_pattern -i zip$ 0 50% 999999
refresh_pattern -i tar\.gz$ 0 50% 999999
refresh_pattern -i tgz$ 0 50% 999999
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 20% 2280
refresh_pattern . 0 20% 4320
refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache
override-expire ignore-private
memory_pools on
buffered_logs on
pipeline_prefetch on
dns_retransmit_interval 15 seconds
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 8080
acl Safe_ports port 8081
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl msn_port port 1863 #msn
acl msn_port1 port 443 #
acl msn_port2 port 80 #
acl purge method PURGE
acl CONNECT method CONNECT
#cachemgr_passwd disable all
######### MICROS ##########
acl jairo arp 00:24:8C:FC:5C:99
acl raimunda arp 00:0D:87:29:E1:94
acl neto arp 00:16:17:FE:C7:8D
acl teste src 222.222.1.233
acl leonardo arp 00:1E:8C:26:E0:12
acl elson arp 00:24:21:F9:25:2A
###########################
######## SUPORTE ##########
acl suporte1 arp 00:1E:90:C4:FF:84
acl suporte2 arp 7A:79:05:C0:02:11
acl suporte3 arp 00:1E:90:C4:FF:79
acl suporte4 arp 7A:79:05:68:02:9C
acl suporte5 arp 00:11:5B:16:00:32
acl suporte6 arp 00:1E:90:C4:FF:84
acl suporte7 arp 00:0A:E6:D1:76:E4
# poliana
acl suporte8 arp 00:14:85:9A:C5:A5
acl suporte9 arp 7A:79:05:6B:1E:FE
acl suporte10 arp 00:14:2A:28:A7:74
###########################
####### FINANCEIRO ########
acl ana_paula arp 00:0F:EA:23:51:53
###### COMERCIAL #########
#acl natanael arp 00:21:97:82:BB:20 # anterior
acl natanael arp 00:24:2B:A6:25:D2
##########################
######### TI #############
acl ork url_regex -i .orkut.com
acl downl url_regex -i rapidshare megaupload 4shared easy-share
proxy.ashx .mediafire.com
acl spyware url_regex -i .servebeer.com
acl webmsn url_regex -i ebuddy
acl hf url_regex -i happyfarm.mentez.com
http_access allow leonardo downl
http_access allow mac_genivon_note downl
http_access allow servidorti downl
http_access allow servidorti webmsn
http_access deny spyware all
http_access deny hf
http_access allow jairo all
http_access deny suporte8 ork
http_access allow genivon all
###################Declaracao das
ACLS################################################
###################### MSN
########################################################
#msn contem os arquivos com enderecos a serem bloqueados para o
funcionamento do MSM
acl Negar_MSN url_regex -i "/etc/squid/msn_dll.txt"
acl orkut url_regex -i orkut
http_access allow leonardo orkut
###################### UPDATES ################################
#Sites de Updates Liberados para todos
acl sites_update url_regex "/etc/squid/liberado_update.txt"
acl atualizacoes url_regex -i .kaspersky.com .kaspersky.com.br
.kaspersky-labs.com .microsoft.com .cceinfo.com.br .dell.com
.dell.com.br .nodevice.com .axper.com .avira-update.com
###################### DIRETORIA ##############################
#Diretoria IPS com previlegio total sem restricao
acl diretoria src "/etc/squid/diretoria.txt"
acl diretoria_mac arp "/etc/squid/diretoria_mac.txt"
##################### DOWNLOADS #################################
#Conjunto de ACLS que bloqueiam os downloads
acl download urlpath_regex "/etc/squid/bloqueio_downloads.txt"
acl mimeproibe rep_mime_type "/etc/squid/mimeproibe" # Bloqueia a
execuçde aplicativos dmime-type
acl nofiles urlpath_regex -i
\.(mp3|avi|mpg|mpeg|asf|wmv|ra|rm|ram|asx|asf|afx|asfv1|divx|m3u|viv|vivo|vo|flv|pps|mp4)$
acl blockexe urlpath_regex -i
\.(com|pif|bat|wmv|mp3|avi|mpg|mpge|asf|asfv1|flv|pps|mp4)($|\?)
acl youtube1 urlpath_regex -i "/etc/squid/youtube"
acl exe urlpath_regex -i .exe
##################### EXCESSOES AUTORIZADAS #####################
acl excessoes_autorizadas url_regex -i "/etc/squid/excessoes_autorizadas.txt"
http_access allow jairo excessoes_autorizadas
http_access allow elson excessoes_autorizadas
http_access allow leonardo excessoes_autorizadas
http_access allow neto excessoes_autorizadas
#http_access allow raimunda excessoes_autorizadas
############################# ORKUT #############################
acl orkut url_regex -i .orkut.com
http_access allow natanael orkut
################################################################
# Financeiro
http_access allow ana_paula Negar_MSN
acl excessoes url_regex -i "/etc/squid/excessoes.txt"
http_access allow excessoes
##################### BLOQUEADOS ################################
#acls que estao em arquivos
acl bloqueados url_regex "/etc/squid/bloqueados.txt"
##################### REDES #####################################
#Redes
acl rede_adm src 222.222.1.0/24
acl rede_des src 222.222.3.0/24
acl rede_sup src 222.222.4.0/24
acl rede_tre src 222.222.5.0/24
acl comercial01 src 222.222.1.26
acl comercial02 src 222.222.1.163
acl comercial03 src 222.222.1.142
#################### HORARIOS ##################################
#acls de horario
acl horario_semana time MTWHF 08:00-18:00
acl horario_sabado time A 08:00-12:00
################## FIM DAS DECLARACOES ACLS ###################
########################Uso das acls combinacoes################
#Permite a diretoria e comercial antes que tudo
http_access allow diretoria
http_access allow diretoria_mac
http_access allow comercial01
http_access allow comercial02
http_access allow comercial03
#permite o acesso a sits update
http_access allow sites_update
#Escopo das ACLS Liberados
#http_reply_access allow diretoria mimeproibe
#http_access deny diretoria nofiles
#http_access deny download
#http_access deny manager
####################TESTE DE CONTROLE DE BANDA###################
#acl extensoes_limitadas url_regex -i .exe .mp3 .vqf .tar.gz .gz .rar
.avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .wmv
#acl extensoes_limitadas url_regex -i .* !.html !.htm !.php !.asp
!.aspx !.js !.css !.jpg !.png !.gif !.swf !.ico !.jsp !.jpeg
acl limitados url_regex -i .2shared.com .youtube.com .youtube.com.br
.flv .microsoft.com .windowsupdate.com video
#acl extensoes_limitadas_video url_regex -i .flv
acl micro1 src 222.222.1.139
delay_pools 2
delay_class 1 1
delay_parameters 1 28000/28000
delay_access 1 allow limitados
delay_class 2 1
delay_parameters 2 15000/15000
delay_access 2 allow limitados micro1
#################################################################
#Escopo das ACLS Bloqueio
#http_access deny blockexe
#http_reply_access deny mimeproibe
#http_access deny nofiles
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow manager localhost
#Bloqueios e liberacoes
#Administrativo
http_access deny bloqueados horario_semana rede_adm
http_access deny bloqueados horario_sabado rede_adm
http_access deny bloqueados SSL_ports horario_sabado rede_adm
http_access deny bloqueados SSL_ports horario_semana rede_adm
#Desenvolvimento
http_access deny bloqueados horario_semana rede_des
http_access deny bloqueados horario_sabado rede_des
http_access deny bloqueados SSL_ports horario_sabado rede_des
http_access deny bloqueados SSL_ports horario_semana rede_des
#Suporte
http_access deny bloqueados horario_semana rede_sup
http_access deny bloqueados horario_sabado rede_sup
http_access deny bloqueados SSL_ports horario_semana rede_sup
http_access deny bloqueados SSL_ports horario_sabado rede_sup
http_access allow Negar_MSN suporte1
http_access deny Negar_MSN suporte2
http_access deny Negar_MSN suporte3
#http_access allow Negar_MSN2 suporte3
#http_access allow msn suporte3
http_access deny Negar_MSN suporte4
http_access deny Negar_MSN suporte5
http_access deny Negar_MSN suporte6
http_access allow Negar_MSN suporte7
http_access allow Negar_MSN suporte8
http_access deny Negar_MSN suporte9
http_access deny Negar_MSN suporte10
http_access allow Negar_MSN neto
#Treinamento
http_access deny bloqueados rede_tre
http_access deny bloqueados SSL_ports rede_tre
http_access deny Negar_MSN rede_tre
http_access allow rede_adm
http_access allow rede_des
http_access allow rede_sup
http_access allow rede_tre
####################### LIBERA O ACESSO DAS REDES ################
http_access deny all
##################################################################
########################## FIM DO squid.conf
