That's what I'm thinking also, but we have nearly 300 acls and a similar number of http_access rules. Our setup is like this. We have a machine proxy.company.com that runs both a proxy and a web server. We monitor the web server by grabbing a file every minute. We monitor the proxy by grabbing that same file through the proxy every minute. The proxy is configured to not cache any results (other than dns and authentication credential and other adminitrative data, but specifically not web pages). Over a day, the direct requests to the web server for the file takes an average of 20 milliseconds. On the other hand, the requests through the proxy average 888 milliseconds. This is an issue because a lot of the web pages are for web applications and so a second of delay for each page is really high, when the response time needs to be < 500ms. I'm just wondering if this type of delay is expected for such large ACL sets. The machine itself isn't really doing anything other than proxying requests (the web server portion just serves up the static proxy configuration file and this test file). The machine is more than enough to handle the current load, it's a dual proc machine w/ 2GB of ram and has essentially no disk access because it only serves those 2 files and writes logs. The only significant network activity are LDAP and DNS lookups but those should be cached by squid fairly quickly. The proxied requests make up the bulk of the network traffic on this machine. But from the example above, we do see several hundred milliseconds of delay for no obvious reason. Thanks for any pointers on tracking this down. Thien On 4/19/05, Henrik Nordstrom <hno@xxxxxxxxxxxxxxx> wrote: > On Tue, 19 Apr 2005, Thien Vu wrote: > > > The response time between the proxy and the actual server that is > > performing the data. > > The response time in access.log is as close as you get on a per-request > basis. As Squid does not buffer the whole response (only 16KByte) this > actually gets quite close. > > > I'm using squid as an authentication only proxy. No caching. I have > > many rules and want to see what type of overhead internally squid has. > > This is very hard to measure outside a testbench. > > > Or to put it another way -- I can get total client wait time by > > looking at access.log, I want to see how much of that wait is between > > the server and the proxy. Then subtract those two numbers to get an > > idea of how much overhead squid has. > > Provided your Squid is properly configured and you are not running out of > CPU this should be close to 0. > > Regards > Henrik >