[CentOS-es] Squid lento

Luis Alberto Roman Aguirre Tue, 30 Jul 2013 20:39:12 -0700



Buenas Lista:
Les comento que hace algunos dias, instale un nuevo  servidor en Centos 6.4 .  
la cuestion es que el SQUID anda muy  lento.Pense que era mi  linea , pero 
conectado una maquina directo  al  router es rapidisimo, pero  si lo pongo 
detras del proxy  la pagina se demora antes de cargar unos 7 a 8 Segundos.
copio  mi squid.: en pastebin (http://pastebin.com/Gk5UVYgP)
··············································acl manager proto cache_objectacl 
localhost src 127.0.0.1/32 ::1acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.# Adapt to list your 
(internal) IP networks from where browsing# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal networkacl localnet 
src 172.16.0.0/12  # RFC1918 possible internal networkacl localnet src 
192.168.0.0/16 # RFC1918 possible internal networkacl localnet src fc00::/7     
  # RFC 4193 local private network rangeacl localnet src fe80::/10      # RFC 
4291 link-local (directly plugged) 
machines#################################################################################INTERNET
 POR HORAS#######################
acl H_ADMIN time SMTWHFA 13:00-14:00acl H_UPDATE time  SMTWHFA 13:00-14:00acl 
E_HORA  time  SMTWHFA  17:30-20:00acl CONNECT method CONNECT
###################################################PAGINAS ADMITIDAS HORAS 
TRABAJO############
acl L_ADMIN url_regex "/etc/squid/pag_personal"acl P_ADMIN url_regex 
"/etc/squid/pag_personalPAMPA"##############################################acl 
restringido url_regex "/etc/squid/restringido.acl"acl restringidoadmin 
url_regex "/etc/squid/restringidoadmin.acl"acl EXTENSION1 urlpath_regex -i 
\.dll$acl EXTENSION2 urlpath_regex -i 
\.exe$\.mp3$\.mov$\.mpeg$\.ppt$\.pps$\.wms$acl badsites dstdomain 
.facebook.comacl skype_url url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl ACT url_regex "/etc/squid/pag_actualizacion"
acl DIRECTORES src "/etc/squid/direccion.acl"acl ADMIN       src 
"/etc/squid/administrativos.acl"acl UPADMIN     src "/etc/squid/upadmin.acl"acl 
JEFATURALPAMPA src "/etc/squid/jefaturalpampa.acl"acl PAMPA       src 
"/etc/squid/adminpampa.acl"acl UPDATE      url_regex  
"/etc/squid/update.acl"acl SININTERNET src 
"/etc/squid/negados.acl"###############################################
#acl SSL_ports port 443acl Safe_ports port 80          # httpacl Safe_ports 
port 21          # ftpacl Safe_ports port 443         # httpsacl Safe_ports 
port 70          # gopheracl Safe_ports port 210         # waisacl Safe_ports 
port 1025-65535  # unregistered portsacl Safe_ports port 280         # 
http-mgmtacl Safe_ports port 488         # gss-httpacl Safe_ports port 591      
   # filemakeracl Safe_ports port 777         # multiling http
#http_reply_access deny badsites JEFATURALPAMPA## Recommended minimum Access 
Permission configuration:## Only allow cachemgr access from 
localhosthttp_access allow manager localhost#http_access deny block-fnes
#http_access allow all

# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports#http_access deny CONNECT 
!SSL_ports
# We strongly recommend the following be uncommented to protect innocent# web 
applications running on the proxy server who think the only# one who can access 
services on "localhost" is a local user#http_access deny to_localhost
## INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS#
# Example rule allowing access from your local networks.# Adapt localnet in the 
ACL section to list your (internal) IP networks# from where browsing should be 
allowed
http_access allow localhosthttp_access allow DIRECTORES !ACThttp_access allow 
UPADMIN !restringidoadmin !EXTENSION1 !EXTENSION2http_access allow 
JEFATURALPAMPA !restringido !EXTENSION1 !EXTENSION2http_access allow ADMIN 
L_ADMIN !restringidoadmin  !EXTENSION1 !EXTENSION2http_access allow H_ADMIN 
ADMINhttp_access allow H_UPDATE ADMIN UPDATE !restringido !EXTENSION1 
!EXTENSION2http_access allow SININTERNET UPDATEhttp_access allow PAMPA P_ADMIN 
!restringidoadmin !restringido !EXTENSION1 !EXTENSION2http_access allow H_ADMIN 
PAMPAhttp_access allow H_ADMIN JEFATURALPAMPAhttp_access allow E_HORA 
PAMPAhttp_access allow H_ADMIN JEFATURALPAMPAhttp_access deny badsites 
JEFATURALPAMPAhttp_access deny  badsiteshttp_access deny CONNECT badsites 
JEFATURALPAMPA
# And finally deny all other access to this proxy#http_access deny CONNECT 
skype_urlhttp_access deny all
# Squid normally listens to port 3128#http_port  3128 transparent#http_port  
3128http_port 3128 intercept
# We recommend you to use at least the following line.hierarchy_stoplist 
cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.cache_dir 
ufs /var/spool/squid 10000 16 256#cache_dir aufs /var/spool/squid 1000 16 256
# Leave coredumps in the first cache dircoredump_dir 
/var/spool/squid####query_icmp on
#query_icmp on
############
# Add any of your own refresh_pattern entries above these
refresh_pattern -i \.(html|htm|html\?|htm\?)$ 9440 90% 100000 override-expire 
reload-into-ims#refresh_pattern -i 
\.(gif|png|jpg|jpeg|ico|bmp|tiff|webp|bif|gif\?|png\?|jpg\?|jpeg\?|ico\?|bmp\?|tiff\?|webp\?|bif\?)$
 36000 90% 100000 override-expire reload-into-ims ignore-reloadrefresh_pattern 
\.(swf|swf\?|js|js\?|wav|css|css\?|class|dat|zsci)$ 36000 90% 100000 
override-expire reload-into-imsrefresh_pattern -i 
\.(bin|deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff|pdf|uxx|gz|xls|xlsx|psd|crl|msi|dll|dll\?|crx|enc|skl|arc)$
 36000 90% 100000 override-expire override-lastmod reload-into-ims 
ignore-reloadrefresh_pattern -i \.(xml)$ 0 90% 100000refresh_pattern -i 
\.(json|json\?)$ 1440 90% 5760 override-expire reload-into-imsrefresh_pattern 
-i (/cgi-bin/|\?) 0 0% 0
refresh_pattern ^ftp:           1440    20%     10080refresh_pattern ^gopher:   
     1440    0%      1440refresh_pattern -i (/cgi-bin/|\?) 0     0%      
0refresh_pattern .               0       20%     
4320#####################ignore_expect_100 onlog_icp_queries 
offminimum_object_size 0 KBbuffered_logs onpipeline_prefetch 
oncache_effective_user squidcache_effective_group 
squid###############maximum_object_size 250 MBmaximum_object_size_in_memory 1 
MBvisible_hostname shadowunique_hostname shadow-DHS#client_db 
off#cache_store_log nonepositive_dns_ttl 16 day#shutdown_lifetime 0 
secondcache_mem 1024 MBcache_swap_low 90cache_swap_high 95ipcache_size 
8192fqdncache_size 8192######################visible_hostname mailforwarded_for 
onie_refresh ondns_nameservers 200.62.191.11 200.62.191.12dns_defnames off
######################
request_header_max_size 256 KBmemory_replacement_policy heap 
GDSFcache_replacement_policy heap LRUmemory_pools offquick_abort_min 0 
KBquick_abort_max 0 KBbuffered_logs onread_ahead_gap 1 MB#access_log 
nonehalf_closed_clients off
······································
Gracias por la ayuda.
Luis Roman
                                                                                
  
_______________________________________________
CentOS-es mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Squid lento

Responder a
