Indunil Jayasooriya wrote:
Hi ,
my squid box became quite slow after adding ACLs. they use ncsa_auth.
belwo are a few Acls.
# These IPs have access to sites given in ACL paxarusers with password
acl paxarusers src 172.23.1.86
acl dstallowed4paxarusers dstdomain .paxaronline.com .dhl.com .dhl.com.lk
acl ncsa_users proxy_auth required
http_access allow paxarusers dstallowed4paxarusers ncsa_users
http_access deny paxarusers
# These IPS have access to sites given in ACL shipping with password
acl shipping src 172.23.1.73 172.23.1.88 172.23.1.95
acl dstallowed4shipping dstdomain .apl.com .hanjin.com .maersk.com
.mpower-shipper.com .tradecard.com .onlanka.com .dhl.com .
dhl.com.lk .wde.eserviceslanka.com .corporate.ndbbank.com .hsbcnet.com .slpa.lk
acl ncsa_users proxy_auth required
http_access allow shipping dstallowed4shipping ncsa_users
http_access deny shipping
# These IPS have access to sites given in ACL Nike with password
acl nike src 172.23.3.13 172.23.3.36 172.23.1.79 172.23.3.61
172.23.1.35 172.23.1.174 172.23.1.38 172.23.1.104
acl dstallowed4nike dstdomain .george.tactivity.com .nike.com
.nikeconnect.com .google.com .google.lk .dhl.com .dhl.com.lk .a
verydennison.com
acl ncsa_users proxy_auth required
http_access allow nike dstallowed4nike ncsa_users
http_access deny nike
#these have FULL ACCESS without password
acl mynet src 172.23.0.0/255.255.0.0
http_access allow mynet
Is it because of the above ACls.
Any advice is expected.
define 'slow'. 10MB/sec? 15sec/page? :-)
Maybe indirectly, and most visible with the ACLs.
Auth is often slowed, by congestion on the network between squid and the
auth server. Or slow helper. Lag between the client and squid on 407
messages. Or slow auth server software (usually seen with samba capping
out).
You will need to find a trace of whats being done when its 'slow' and
start looking for factors which might cause it.
Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
