On Mon, 22 Mar 2010 15:16:07 -0500, Kevin Blackwell <akblackwel@xxxxxxxxx> wrote: > I currently have squid installed. > > I need to get some more speed out of it though. Was wondering if the > community had any thoughts. > > I've expressed to the powers that be that throwing a proxy in the way > by nature will create a bottleneck to some degree. I mean it does have > to fetch the file, do it's thing, then let the proxy user's browser > have it. not to mention the that the url needs to be checked, scan > files for viruses, etc... > > Also open to a hardware solution if anyone has any suggestions and > feel it would be faster. > > Squid requirements. > > We really only need squid to act as a web filter. Ive been told that > other smaller and faster programs can do this. But after looking into > them, they seem to be lacking on the one specific I need it to do. > > NTLM authentication > > That's the #1 most important requirement. > > After that I need SPEED. > > I basically just need the proxy to > > 1. Log NT domain users Note: NTLM is a deprecated security method. It's being replaced by Kerberos which is faster and more secure. One of the things to improve performance is looking at doing that migration where possible. > 2. Filter websites based on a blacklist (squidguard seems to be doing > OK for our needs currently, open to other possibilities ) > 3. Virus Filter ( Currently using havp, but open to faster/better > suggestions ) > 4. SPEED ( just to reiterate ) > > Anyone have any pointers to set squid up with those requirements? * The biggest bottleneck is the body data filtering software. All Squid does is some processing of the HTTP headers portion and pass-thru the rest. The smaller the objects get the more processing Squid has to do relative to data pipe throughput. * Followed by ACL and storage IO speeds. Amos
