On Mon, 2010-03-22 at 08:47 +0100, Marcello Romani wrote: > Muhammad Sharfuddin ha scritto: > > On Mon, 2010-03-22 at 19:27 +1300, Amos Jeffries wrote: > >>> Thanks list for help. > >>> > >>> restarting squid is not a solution, I noticed only after 20 minutes > >>> after restarting, squid started consuming/eating CPU again. > >>> > >>> On Wed, 2010-03-17 at 19:54 +1100, Ivan . wrote: > >>>> you might want to check out this thread > >>>> http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg56216.html > >>> Neither I installed any package.. i.e not checked > >>> > >>> On Wed, 2010-03-17 at 05:27 -0700, George Herbert wrote: > >>>> or install the Google malloc library and recompile Squid to > >>>> use it instead of default gcc malloc. > >>> On Wed, 2010-03-17 at 15:01 +0200, Henrik K wrote: > >>>> If the system regex is issue, wouldn't it be better/simpler to just > >>>> compile > >>>> with PCRE? (LDFLAGS="-lpcreposix -lpcre"). It doesn't leak and as a bonus > >>>> makes your REs faster. > >>> Nor I re-compiled Squid, as I have to use binary/rpm version of squid > >>> that shipped with the Distro I am using > >>> > >>> issue resolved via removing acl that blocked almost 60K urls/domains > >>> > >>> commenting following worked > >>> ##acl porn_deny url_regex "/etc/squid/domains.deny" > >>> ##http_access deny porn_deny > >>> > >>> so how can I deny illegal contents/website ? > >>> > >> If those were actually domain names... > > they are both urls and domain > > > >> * use "dstdomain" type instead of regex. > > ok nice suggestion > > > > > >> Optimize order of ACLs so do most rejections as soon as possible with > >> fastest match types. > >> > > I think its optimized, as the rule(squeezing cpu) is the first rule in > > squid.conf > > That's the exact opposite of "optimizing" as the cpu-consuming rule is > _always_ executed. > First rules should be non-cpu consuming (i.e. non-regexp) and should > block most of the traffic, leaving the cpu-consuming ones at the bottom, > ralrely executed. > > >> If you don't mind sharing your squid.conf access lines we can work > >> through optimizing with you. > > I posted squid.conf when I start this thread/topic, but I have no issue > > posting it again ;) > > I think he meant the list of blocked sites / url its 112K after compression, am I allowed to post/attach such a big file ? > . > > > > > squid.conf: > > acl myFTP port 20 21 > > acl ftp_ipes src "/etc/squid/ftp_ipes.txt" > > http_access allow ftp_ipes myFTP > > http_access deny myFTP > > > > #### this is the acl eating CPU ##### > > acl porn_deny url_regex "/etc/squid/domains.deny" > > http_access deny porn_deny > > ############################### > > > > acl vip src "/etc/squid/vip_ipes.txt" > > http_access allow vip > > > > acl entweb url_regex "/etc/squid/entwebsites.txt" > > http_access deny entweb > > > > acl mynet src "/etc/squid/allowed_ipes.txt" > > http_access allow mynet > > > >> Amos > > > > -- Regards Muhammad Sharfuddin | NDS Technologies Pvt Ltd | +92-333-2144823 Novice: name a single major diff b/w Redhat and SUSE GURU: One is Red and the other one is Green
