GIGO . wrote:
Dear All,
I am facing this problem that images are not loading properly into web pages. The clients that are directly on ISA are having better expereince of net browsig then Squid with cache. (Its response is slow).
Something to do with my cache settings??
Further information : I have four(4) Gb of physical ram on my server (ubuntu 8.04 LTS). With Physical Raid 1 implemented on IBM 3650 X series. Default Partition Scheme of Ubunutu (Without LVM) is applied.
please guide me about it.
regards,
Bilal
My Squid.conf File
visible_hostname 10.1.82.53
cache_peer 10.1.82.205 parent 8080 0 default no-digest no-query
http_port 10.1.82.53:3128
never_direct allow all
cache_effective_user proxy
cache_mgr bilal.aslam@xxxxxxxxxx
coredump_dir /var/sppol/squid3
cache_dir ufs /var/squidcache 50000 16 256
Problem #1: ufs filesystem is slowest available. Use aufs on Linux.
cache_swap_low 75
cache_mem 1000 MB
maximum_object_size 195 MB
minimum_object_size 12 bytes
cache_replacement_policy lru
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl localServers dst 10.1.82.0/24 10.1.80.0/24 10.1.245.0/24
#acl localServers dstdomain .bla.bla.com
no_cache deny LocalServers
Problem #2: "no_cache" is obsolete.
The above means prevent caching of LocalServers responses.
ie:
cache deny LocalServers
acl Query urlpath_regex cgi-bin \?
cache deny Query
hierarchy_stoplist cgi-bin ?
Problem #3: dynamic web objects are extremely common these days and a
large portion are cacheable. Maybe the stuff you want cached has a ? in it.
Remove the "Query" ACL and rules.
acl manager proto cache_object
http_access allow manager
http_access deny manager
acl OverConnLimit maxconn 10
http_access deny OverConnLimit
Note: capping connection limits is known to cause noticeable slowdown
for clients. The more parallel requests that can be down the faster
large multi-object pages download (sites like www.cnn.com with it's
legendary 480+ front-page objects [they have improved now]). It's up to
you though.
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
http_access allow localhost
acl SSL_ports port 443 #https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl FcUsr src "/etc/squid3/FcUsr.conf"
acl PUsr src "/etc/squid3/PUsr.conf"
acl RUsr src "/etc/squid3/RUsr.conf"
acl Working_hours time MTWHF 09:00-17:00
acl inlunchbreak time 13:00-14:30
####----Definitions for BlockingRules----#####
###Definition of MP3/MPEG
acl FTPMP3 url_regex -i ^ftp://.*\.mp3$
Sometimes like this its faster to spit that into two ACLs...
acl FTP proto FTP
acl MP3url urlpath_regex \.mp3(\?.*)?$
http_accesss ... FTP MP3url
acl Movies rep_mime_type video/mpeg
acl MP3s rep_mime_type audio/mpeg
###Definition of Flash Video
acl deny_rep_mime_flashvideo rep_mime_type video/flv
###Definition of Porn
acl Sex urlpath_regex sex
acl PornSites url_regex "/etc/squid3/pornlist"
####Definition of YouTube.
## The videos come from several domains
acl youtube_domains dstdomain .youtube.com .googlevideo.com .ytimg.com
###Definition of FaceBook
acl facebook_sites dstdomain .facebook.com
#### Definition of MSN Messenger
acl msn urlpath_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type application/x-msn-messenger
####Definition of Blockig Skype
acl numeric_IPs url_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype^
##Definition of Yahoo! Messenger
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim
## Other protocols Yahoo!Messenger uses ??
acl ym dstdomain .skype.com .imvu.com
###Disallowing download of executables from web#####
acl downloads url_regex "/etc/squid3/download.conf"
###---------------------------------------------########
http_access deny PornSites RUsr
http_access deny PornSites PUsr
http_access deny Sex RUsr
http_access deny Sex PUsr
http_access deny msnd PUsr
http_access deny msnd RUsr
http_access deny msn PUsr
http_access deny msn RUsr
http_access deny msn1 PUsr
http_access deny msn1 RUsr
http_access deny numeric_IPs PUsr
http_access deny numeric_IPs RUsr
http_access deny Skype_UA PUsr
http_access deny Skype_UA RUsr
http_access deny ym RUsr
http_access deny ym PUsr
http_access deny ymregex RUsr
http_access deny ymregex PUsr
#----Most Restricted settings Exclusive for Normal users......#
http_reply_access deny Movies RUsr
http_reply_access deny MP3s RUsr
http_access deny FTPMP3 RUsr
http_access deny FTP MP3url
http_reply_access deny deny_rep_mime_flashvideo RUsr
http_access deny youtube_domains RUsr
http_access deny facebook_sites RUsr
http_access deny downloads RUsr
http_access allow youtube_domains inlunchbreak PUsr
http_access allow facebook_sites inlunchbreak PUsr
http_access deny youtube_domains PUsr Working_hours
http_access deny facebook_sites PUsr Working_hours
http_access allow FcUsr
http_access allow PUsr
http_access allow RUsr
http_access deny all
As a general rule-of-thumb for better speed place the faster ACL first
on each line and the slowest at the end. For Squid remote lookups is
_the_ slowest around, with regex a close second.
This is a rough estimate of the order (top== fastest) of speed of your
ACL types:
src / port / proto / method
dstdomain / time
urlpath_regex / rep_mime_type / req_mime_type
url_regex / browser
To speed your Squid up you need a lot of access line changes like this one:
before optimizing:
http_access allow youtube_domains inlunchbreak PUsr
after optimizing:
http_access allow PUsr inlunchbreak youtube_domains
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
Current Beta Squid 3.1.0.17