I'm receiving the below congestion warning several times a day. I'm wondering if this is anything to be concerned about. 2011/02/07 10:06:07| squidaio_queue_request: WARNING - Queue congestion My squid.con file is below: # # Recommended minimum configuration: # acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.10.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl SSL_ports port 7001 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl snmppublic snmp_community cadc acl snmpsrv src 10.10.2.202 snmp_access allow snmppublic snmpsrv snmp_incoming_address 10.10.2.226 snmp_port 3401 acl malware_block_list url_regex -i "/usr/local/squid/malware_block_list.txt" http_access deny malware_block_list deny_info http://intranet.cadc.circdc.dcn/malwarealert/malware.htm malware_block_list # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager snmpsrv http_access deny manager # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 10.10.2.226:3128 # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Uncomment and adjust the following to add a disk cache directory. cache_replacement_policy heap GDSF cache_dir aufs /cache1/cache 16384 16 256 cache_dir aufs /cache2/cache 16384 16 256 # Leave coredumps in the first cache dir coredump_dir /usr/local/squid/var/cache # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_encode off icap_client_username_header X-Authenticated-User icap_preview_enable on icap_preview_size 1024 icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precahe bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all cache_access_log none cache_mgr mgrasso@xxxxxxxxxxxxxxxxx ftp_user squid@xxxxxxxxxxxxxxxxx cache_mem 512 MB dns_nameservers 10.10.2.214 10.10.2.215 refresh_all_ims on memory_replacement_policy heap GDSF maximum_object_size_in_memory 1024 KB shutdown_lifetime 5 seconds client_db off The server has two dual core processors, 8 GB of RAM and two 15K hard drives for my aufs cache volumes. I just put the server into production and it has about 50 users configured to use the proxy. Any help is appreciated. Thank you, Mike Grasso Data Network Administrator DC Circuit Court of Appeals (202) 216-7443
