[squid-users] Performance tuning of SMP + Large rock

Hi, I am using squid cache as a forward caching proxy. CONTEXT: For my use case since: 1. the average object size is ~80KB (moreover > 32KB), 2. the proxy server has multiple cores available 3. the throughput requirement is high (upto 1Gbps) I have configured squid to use SMP + LargeRock. I am

[squid-users] To Chris on IRC with alias v1sion

This is a shout-out to Chris who tried to contact the Squid developers on IRC yesterday during a 10min period when we were all offline or otherwise occupied. I am fairly sure the issue mentioned is a misconfiguration rather than a security vulnerability. But just in case please send details of the

Re: [squid-users] A very low level question regarding performance of helpers.

On Thu, Feb 13, 2014 at 7:40 AM, Alex Rousskov wrote: > On 02/09/2014 06:48 AM, Eliezer Croitoru wrote: >> I have helpers in all sort of languages and it seems to me that there is >> a limit that do exist on the interface between squid and the helpers by >> the nature of the code as code. > > For

Re: [squid-users] question about large rock

On 02/12/2014 09:23 AM, k simon wrote: > I > create a 16GB size "rock" and limit the swap rate to 200, swap timeout > to 300. > When it's full filled, I reconfigured it. Iostat display the disk rps > is about 200/s and throughput about 4MBytes/s. It's spent 61 minutes to > rebuilding sucessfull

Re: [squid-users] A very low level question regarding performance of helpers.

On 02/09/2014 06:48 AM, Eliezer Croitoru wrote: > I have helpers in all sort of languages and it seems to me that there is > a limit that do exist on the interface between squid and the helpers by > the nature of the code as code. For sequential helpers, the throughput is a function of response ti

Re: [squid-users] Unbalaned Cpu cores with squid 3.4.3 with centos 6.4 64 bit

On 02/12/2014 07:29 AM, Dr.x wrote: > ive tried cenots6.4 64 bit with32 G ram with squid 3.4.3 with tptoxy , > > but > > the cpu cores are not balanced !!! > this machine is delr720 it has 24 cores , Do you have two physical CPUs with 12 physical cores each? If not, please note that you may ha

Re: [squid-users] object cached with certainty

On 2014-02-13 09:47, Carlos Defoe wrote: Hello, is there a way to be sure that some objects will be cached? I'm trying to cache this image blog: http://lustik.tumblr.com I configured one refresh_pattern line to match all tumblr, with some options that, as far as I undestood, will agressively t

[squid-users] Re: object cached with certainty

Some tcpdump caps. I can try to access it a thousand times, I get always the same answers, with the final MISS from the proxy. 192.168.1.254 is the proxy, 192.168.1.33 is one client, 66.6.40.40.80 is the website. 17:32:34.885281 IP 192.168.1.33.38721 > 192.168.1.254.3128: Flags [P.], seq 41668931

[squid-users] object cached with certainty

Hello, is there a way to be sure that some objects will be cached? I'm trying to cache this image blog: http://lustik.tumblr.com I configured one refresh_pattern line to match all tumblr, with some options that, as far as I undestood, will agressively try to cache it. # REFRESH_PATTERNS ##

Re: [squid-users] Re: squid3 block all 443 ports request

Hi Khalil, You've supplied a logically invalid access rule, ie an impossible match. You're trying to block everything that is on port 445 and also at the same time everything that is *not* on 443. I'd be surprised if you can get any access with that! What you need is something like (if you w

[squid-users] Re: question about large rock

Having tried to "decipher" the principles of rock some time ago, my impression at that time was, that this long time period of rebuild is caused by design of rock, as there must be a scan of the rock area to find all content and then to init the in-memory-pointers of squid. 16GB of rock storage wil

Re: [squid-users] question about large rock

Hi,Alex: I tested rock storage again with real traffic. It's about 300req/s, 60-80Mbit/s. Squid verison is 3.3.11 and on freebsd 10-stable box. I create a 16GB size "rock" and limit the swap rate to 200, swap timeout to 300. When it's full filled, I reconfigured it. Iostat display the disk rps

[squid-users] Re: squid3 block all 443 ports request

Better make it http_access deny !SSL_ports -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid3-block-all-443-ports-request-tp4664735p4664753.html Sent from the Squid - Users mailing list archive at Nabble.com.

[squid-users] Re: squid3 block all 443 ports request

Hi, here is my squid.conf file. here is my configuration concerning ssl ports: acl SSL_ports port 443 http_access deny SSL_ports !SSL_ports Regards, Khalil squid.conf -- View this message in context: http://squid-

Re: [squid-users] squid + squidguard

On 12/02/2014 14:50, jeffrey j donovan wrote: > > On Feb 12, 2014, at 7:15 AM, grmbl wrote: > >> Hello, just a quick question: is it possible to share domains file for squid >> & squidguard? > > what do you mean " domains file " ? Presumably a domains list. You can't share them directly as sq

Re: [squid-users] squid + squidguard

On Feb 12, 2014, at 7:15 AM, grmbl wrote: > Hello, just a quick question: is it possible to share domains file for squid > & squidguard? what do you mean " domains file " ? -j

Re: [squid-users] Unbalaned Cpu cores with squid 3.4.3 with centos 6.4 64 bit

Hi, Feel free to use 24 workers. There should not be deficiency in squid performance. For better performance, use cpu_affinity_map configuration directive to bind each squid worker to dedicated cpu core explicitly. Best wishes, Pavel On 02/12/2014 05:29 PM, Dr.x wrote: hi all , ive tried

[squid-users] Unbalaned Cpu cores with squid 3.4.3 with centos 6.4 64 bit

hi all , ive tried cenots6.4 64 bit with32 G ram with squid 3.4.3 with tptoxy , but the cpu cores are not balanced !!! this machine is delr720 it has 24 cores , before i go to try on this machine, i tried it on quad core machine with same config squid file and it gave me equal sharing among 8

Re: [squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

W dniu 2014-02-12 14:11, Amos Jeffries pisze: > On 13/02/2014 1:59 a.m., Pawel Mojski wrote: >> W dniu 2014-02-12 13:54, Kinkie pisze: >>> On Wed, Feb 12, 2014 at 1:49 PM, Pawel Mojski wrote: W dniu 2014-02-12 13:30, Kinkie pisze: > On Wed, Feb 12, 2014 at 12:40 PM, Pawel Mojski wrote: >

Re: [squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

On 13/02/2014 1:59 a.m., Pawel Mojski wrote: > W dniu 2014-02-12 13:54, Kinkie pisze: >> On Wed, Feb 12, 2014 at 1:49 PM, Pawel Mojski wrote: >>> W dniu 2014-02-12 13:30, Kinkie pisze: On Wed, Feb 12, 2014 at 12:40 PM, Pawel Mojski wrote: > Hi All; > > I have pretty loaded squid

Re: [squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

>>> At the same time when squid reports a problem I can connect manually >>> from squid box to the same ip address (through telnet, wget, etc) and >>> nothing wrong occurs. >>> I even can belive somewhere somekind of timeout happened but how can I >>> find out what type of timeout it is? syn/ack, w

Re: [squid-users] A very low level question regarding performance of helpers.

On 12/02/2014 8:12 p.m., Alan wrote: > Hi Eliezer, > > I know you have been testing fake helpers in a variety of languages. > How about this one in C? > Save it to helper-trivial.c and then compile it like this: > gcc -O3 trivial.c -o trivial > strip trivial > > #include > int main(int argc, cha

Re: [squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

W dniu 2014-02-12 13:54, Kinkie pisze: > On Wed, Feb 12, 2014 at 1:49 PM, Pawel Mojski wrote: >> W dniu 2014-02-12 13:30, Kinkie pisze: >>> On Wed, Feb 12, 2014 at 12:40 PM, Pawel Mojski wrote: Hi All; I have pretty loaded squid server working in interception mode. In about 0.

Re: [squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

On Wed, Feb 12, 2014 at 1:49 PM, Pawel Mojski wrote: > W dniu 2014-02-12 13:30, Kinkie pisze: >> On Wed, Feb 12, 2014 at 12:40 PM, Pawel Mojski wrote: >>> Hi All; >>> >>> I have pretty loaded squid server working in interception mode. >>> In about 0.5% of total http request I have an ERR_CONNECT_

Re: [squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

W dniu 2014-02-12 13:30, Kinkie pisze: > On Wed, Feb 12, 2014 at 12:40 PM, Pawel Mojski wrote: >> Hi All; >> >> I have pretty loaded squid server working in interception mode. >> In about 0.5% of total http request I have an ERR_CONNECT_FAIL with >> additional error SYSERR=110. >> How can I debug

Re: [squid-users] squid3 block all 443 ports request

On 12/02/2014 11:17 p.m., khadmin wrote: > Hi all, > I have this problem with Squid3. > It blocks all requests from ports 443 (google,youtube.). > I can't find an ACL to configure that. acl name is SSL_Ports > PS: i make just one acl to allow localnet users to connect. > acl local_network src

Re: [squid-users] Re: external_acl_type strange behavior

On 12/02/2014 10:32 p.m., bazn wrote: > Hi Amos > > Squid Version is 3.3.9 > > im using basic authentication. > > I don't know exactly what you mean with wheres the username come from. I > think it comes from the auth helper and it's passed to the external acl > helper via the %LOGIN variable.

Re: [squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

On Wed, Feb 12, 2014 at 12:40 PM, Pawel Mojski wrote: > Hi All; > > I have pretty loaded squid server working in interception mode. > In about 0.5% of total http request I have an ERR_CONNECT_FAIL with > additional error SYSERR=110. > How can I debug a reason of those errors? > > The thing which c

[squid-users] squid + squidguard

Hello, just a quick question: is it possible to share domains file for squid & squidguard? - squid.conf -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-squidguard-tp4664737.html Sent from the Squid - Users mailing list archive at Nabble.com.

[squid-users] Debuging ERR_CONNECT_FAIL with SYSERR=110

Hi All; I have pretty loaded squid server working in interception mode. In about 0.5% of total http request I have an ERR_CONNECT_FAIL with additional error SYSERR=110. How can I debug a reason of those errors? The thing which consider me a lot is the URL and remote server of those requests. For

[squid-users] squid3 block all 443 ports request

Hi all, I have this problem with Squid3. It blocks all requests from ports 443 (google,youtube.). I can't find an ACL to configure that. PS: i make just one acl to allow localnet users to connect. acl local_network src 192.168.1.2-192.168.1.252. all others configurations are default config. Re

[squid-users] Re: external_acl_type strange behavior

Hi Amos Squid Version is 3.3.9 im using basic authentication. I don't know exactly what you mean with wheres the username come from. I think it comes from the auth helper and it's passed to the external acl helper via the %LOGIN variable. bazn -- View this message in context: http://squid-