Segue abaixo em azul o meu squid.conf: *authenticate_ip_ttl 60 seconds
acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl REDEINTHU src 10.0.0.0/8 acl InetAccess proxy_auth REQUIRED acl InetDeny proxy_auth "/etc/squid3/regras/inetdeny.**txt" acl CoordCIR proxy_auth "/etc/squid3/regras/coord.**txt" acl Plantonistas proxy_auth "/etc/squid3/regras/**plantonistas.txt" acl Manutencao proxy_auth "/etc/squid3/regras/**manutencao.txt" acl Desenv proxy_auth "/etc/squid3/regras/desenv.**txt" acl users_excecao proxy_auth "/etc/squid3/regras/users_exc.**txt" acl exc_sites proxy_auth "/etc/squid3/regras/exc_sites.**txt" acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl Safe_ports port 20 # ftp* * acl Safe_ports port 21 # ftp acl Safe_ports port 80 # http acl Safe_ports port 82 # IBICT acl Safe_ports port 443 # https, snews acl Safe_ports port 465 # smtp, Gmail acl Safe_ports port 995 # pop, Gmail acl Safe_ports port 1080 #acl Safe_ports port 1863 # msn acl Safe_ports port 2631 # Caixa Economica Federal acl Safe_ports port 3001 # Carga Viral - algoritmo.aids.gov.br acl Safe_ports port 3690 acl Safe_ports port 4500 acl Safe_ports port 4505 acl Safe_ports port 5000 acl Safe_ports port 5060 acl Safe_ports port 5432 acl Safe_ports port 6505 acl Safe_ports port 6605 acl Safe_ports port 5000 acl Safe_ports port 5060 acl Safe_ports port 5432 acl Safe_ports port 6505 acl Safe_ports port 6605 acl Safe_ports port 6991 acl Safe_ports port 7777-7778 acl Safe_ports port 8008 acl Safe_ports port 8080 acl Safe_ports port 9090-9099 acl Safe_ports port 8080 acl Safe_ports port 8081 acl Safe_ports port 8083 acl Safe_ports port 8991 acl Safe_ports port 23000 acl Safe_ports port 30000-30999 acl Safe_ports port 50000-50999 acl Safe_ports port 5222 acl Safe_ports port 32570 acl Safe_ports port 32566 acl SSL_ports port 443 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager acl pt20 port 20 acl pt21 port 21 acl pt82 port 82 acl pt465 port 465 acl pt995 port 995 acl pt1863 port 1863 acl pt2631 port 2631 acl pt4500 port 4500 acl pt4505 port 4505 acl pt5000 port 5000 acl pt5060 port 5060 acl pt5432 port 5432 acl pt6505 port 6505 acl pt6605 port 6605 acl pt6991 port 6991 acl pt8008 port 8008 acl pt8080 port 8080 acl pt8083 port 8083 acl pt8991 port 8991 acl pt8999 port 8999 acl pt9090 port 9090-9099 acl pt23000 port 23000 acl pt30000 port 30000-30999 acl pt50000 port 50000-50999 acl pt5222 port 5222 acl pt32570 port 32570 acl pt32566 port 32566 acl limit_user max_user_ip -s 1 acl numeric_ips urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]**+ acl skype_browser browser Skype acl updates_sites url_regex -i "/etc/squid3/regras/updates_**sites.txt" acl noauth_sites url_regex -i "/etc/squid3/regras/noauth_**sites.txt" acl ok_sites url_regex -i "/etc/squid3/regras/ok_sites.**txt" acl biblioteca url_regex -i "/etc/squid3/regras/**biblioteca.txt" acl institucionais_sites url_regex -i "/etc/squid3/regras/** institucionais_sites.txt" acl bad_domains dstdom_regex -i "/etc/squid3/regras/bad_**domains.txt" acl banned_sites url_regex -i "/etc/squid3/regras/banned_**sites.txt" acl proxy_list url_regex -i "/etc/squid3/regras/proxy_**list.txt" acl porn_sites url_regex -i "/etc/squid3/regras/porn_**sites.txt" acl noporn_sites url_regex -i "/etc/squid3/regras/noporn_**sites.txt" acl block_downloads url_regex -i "/etc/squid3/regras/block_**downloads.txt" acl noblock_downloads url_regex -i "/etc/squid3/regras/noblock_** downloads.txt" acl noblock_downloads url_regex -i "/etc/squid3/regras/noblock_** downloads.txt" acl block_streaming req_mime_type -i "/etc/squid3/regras/block_** streaming.txt" acl banned_sites url_regex -i "/etc/squid3/regras/banned_**sites.txt" acl seminternet src * *10.0.3.0/24 10.1.3.0/24 10.2.3.0/24 10.3.3.0/24 acl seminternet src 10.2.13.0/24 10.2.23.0/24 acl seminternet src 10.10.13.0/24 acl seminternet src 10.11.3.0/24 10.11.13.0/24 10.11.23.0/24 acl seminternet src 10.15.13.0/24 acl seminternet src 10.16.13.0/24 acl seminternet src 10.20.13.0/24 10.20.23.0/24 acl seminternet src 10.21.13.0/24 10.21.23.0/24 acl seminternet src 10.30.33.0/24 10.30.43.0/24 acl seminternet src 10.40.33.0/24 10.40.43.0/24 10.40.53.0/24 acl seminternet src 10.41.43.0/24 acl seminternet src 10.42.43.0/24 acl seminternet src 10.42.33.0/24 acl seminternet src 10.50.53.0/24 acl seminternet src 10.51.53.0/24 acl seminternet src 10.60.63.0/24 acl seminternet src 10.70.73.0/24 acl seminternet src 10.80.83.0/24 acl seminternet src 10.81.83.0/24 10.81.93.0/24 acl seminternet src * *10.100.93.0/24 10.100.103.0/24 acl seminternet src 10.101.93.0/24 10.101.103.0/24 acl seminternet src 10.111.123.0/24 acl seminternet src 10.112.133.0/24 acl seminternet src 10.201.3.0/24 acl seminternet src 10.205.13.0/24 acl seminternet src 10.206.13.0/24 acl rede_cnpq0 dst 200.252.232.0/24 acl srv_siscel_0 dst 200.252.24.5* * acl srv_siscel_1 dst 200.252.24.130 acl srv_aleph dst 200.145.5.15 acl srv_aleph dst 143.107.253.125 acl srv_aleph dst 143.54.1.5 acl srv_fenix dst 200.250.1.4 acl srv_nefro dst 200.222.47.215 acl srv_pato dst 201.63.1.10 acl srv_pato1 dst 189.56.21.66 acl srv_pato2 dst 200.188.208.235 acl srv_etha dst 200.100.101.5 acl srv_serpro dst 161.148.40.200 acl srv_cdc dst 198.246.96.5 acl srv_website_firjan dst 200.198.185.252 acl srv_website_ibict dst 200.130.0.7 acl srv_website_inep_sinaes dst 200.130.24.28 acl srv_website_assim dst 200.244.92.132* * acl srv_website_archeslib dst 200.163.18.182 acl srv_ftp_oup dst 12.107.205.35 acl srv_ftp_egertongroup dst 216.179.118.162 acl srv_clinmaldb dst 143.107.45.149 acl srv_ftp_datasus dst 200.214.44.164 acl host2234 src 10.111.121.51 acl recepcao src 10.111.138.0/24 10.111.139.0/24 acl coordenacao src 10.201.1.0/24 10.200.1.0/24 10.204.1.0/24 10.42.41.53/32 10.42.31.86/32 10.51.51.67/32 http_access allow localhost http_access deny proxy_list http_access allow institucionais_sites http_access allow Coord http_access allow updates_sites http_access allow users_excecao http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny inetdeny http_access allow Plantonistas http_access allow noauth_sites http_access deny banned_sites !ok_sites http_access deny seminternet http_access deny skype_browser http_access allow coordenacao skype_browser http_access deny block_streaming http_reply_access deny block_streaming http_access allow exc_sites http_access deny bad_domains http_access allow Manutencao http_access deny porn_sites http_access deny limit_user !biblioteca http_access allow ManutencaoCIR block_downloads http_access allow Desenv block_downloads http_access deny block_downloads !noblock_downloads http_access allow InetAccess http_access deny all http_reply_access allow all icp_access allow REDEINT icp_access deny all htcp_access deny all http_port 10.200.100.200:3128 hierarchy_stoplist cgi-bin ? cache_mem 1 GB #memory_replacement_policy heap LRU memory_replacement_policy heap GDSF # cache_replacement_policy lru cache_replacement_policy heap LRU cache_dir aufs /cache 4096 16 256 maximum_object_size 300 MB access_log /log_squid/access.log common cache_store_log none logfile_rotate 30 emulate_httpd_log on coredump_dir /var/spool/squid3 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 visible_hostname proxyserver icp_port 3130 # check_hostnames off check_hostnames on dns_nameservers 10.200.150.128 append_domain .meu_dominio auth_param basic program /usr/lib/squid3/smb_auth -W MEU_DOMINIO -U 10.200.100.128 auth_param basic children 10 auth_param basic realm Nome_da_empresa auth_param basic credentialsttl 30 minutes auth_param basic casesensitive on* Muito obrigado pelo retorno Moksha Em 10 de agosto de 2012 16:40, Adiel de Lima Ribeiro < adiel.netad...@gmail.com> escreveu: > ** > Boa tarde, tem como enviar-nos seu squid.conf ? > > > > On Fri, 2012-08-10 at 16:30 -0300, Moksha Tux wrote: > > Boa tarde pessoal! > > Estou há muitos meses as voltas com o proxy daqui do meu trabalho, já faz > um bom tempo que a CPU do servidor trabalha quase o expediente inteiro de > trabalho oscilando entre 70 a 100%, a rede daqui do trabalho é segimentada > por VLANs e temos por volta de 2500 usuários e mais de 2200 hosts e a > configurção do hardware é robusta (Servidor IBM X3650 CPU Intel Xeon de 8 > núcleos e 4 GB de RAM e armazenamento de 1.3 TB sendo 6 discos SAS 15 krpm > em RAID 5), já fiz muitos testes a saber... regra de firewall barrando uma > VLAN por vez para analisar o desempenho e fluxo de conexão, levantei o > proxy em outro hardware, fiz partições separadas do cache, log e em > reiserfs e nada disso está adiantando, alguém poderia me ajudar? Será que > seria a versão deste squid do Debian squeeze apresentando bug? A minha rede > é Gigabit o que também não justificaria tal desempenho. O que mais devo > fazer? Obrigado a todos pela atenção! Abraços, > > Moksha > > > -- > Adiel de Lima Ribeirofacebook.com/sembr.dyndns.info > >