Pls find below the link to excel file containing memory info from squid cache manager. https://www.yousendit.com/download/MFo3c0w5bTh0TW14dnc9PQ Now my squid.conf looks like this, is this okay? auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -s GSS_C_NO_NAME auth_param negotiate children 10 auth_param negotiate keep_alive on auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 8 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic credentialsttl 4 hour auth_param basic casesensitive off auth_param basic children 7 auth_param basic realm DOMAIN authenticate_cache_garbage_interval 10 seconds authenticate_ttl 0 seconds acl ad-auth proxy_auth REQUIRED acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl allow_localnet dst 192.168.100.0/24 192.168.18.0/24 acl allow_localdomain dstdomain .domain.com acl local_net_dst dst 192.168.127.0/24 acl local_net_src src 192.168.137.0/24 acl Unsafe_Ports port 5050 843 5100 5101 5000-5010 9085 acl Unsafe_Ports port 1863 acl Unsafe_Ports port 5222 acl SSL_ports port 443 acl Safe_ports port 80 53 443 3268 88 5060 5061 5062 5075 5076 5077 50636 587 50389 58941 110 995 993 143 389 636 119 25 465 135 102 3000 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny Unsafe_Ports http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow allow_localnet http_access allow allow_localdomain http_access allow ad-auth http_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? cache_dir aufs /var/squid/cache 128 16 256 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf redirect_children 15 icp_access deny all htcp_access deny all cache_mem 128 MB access_log /var/log/squid/access.log squid icp_port 3130 pipeline_prefetch off cache_mgr mail@xxxxxxxxxx cachemgr_passwd password all #delay_pools 2 #delay_class 1 4 #delay_class 2 4 #delay_access 1 allow local_net_src #delay_access 2 allow local_net_dst #delay_parameters 1 -1/-1 -1/-1 -1/-1 51200/51200 #delay_parameters 2 -1/-1 -1/-1 -1/-1 -1/-1 #delay_initial_bucket_level 75 httpd_suppress_version_string on forwarded_for off hosts_file /etc/hosts cache_replacement_policy heap LFUDA cache_swap_low 90 cache_swap_high 95 maximum_object_size_in_memory 50 KB memory_pools off maximum_object_size 50 MB quick_abort_min 0 KB quick_abort_max 0 KB log_icp_queries off client_db off buffered_logs on half_closed_clients off On 26 June 2011 16:19, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 26/06/11 21:24, Go Wow wrote: >> >> Hi, >> >> I'm using squid 3.1.8 on centos 5.4 with 3.8GB RAM and Dual Core >> Processor. My swap is been used and 50% of RAM is used by cache& >> buffers. Below link has one week's memory& CPU utilization >> information in form of graph. >> >> Memory usage --> http://img.myph.us/Cr8.jpg >> CPU usage --> http://img.myph.us/PgM.jpg >> >> I'm worried as to why the usage of swap is coming into picture, >> logically if Swap is used then I need to increase the RAM but this >> machine is serving only 12 users. >> >> My squid.conf is here >> >> auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -s >> GSS_C_NO_NAME >> auth_param negotiate children 10 >> auth_param negotiate keep_alive on >> auth_param ntlm program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5-ntlmssp >> auth_param ntlm children 8 >> auth_param basic program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5-basic >> auth_param basic credentialsttl 4 hour >> auth_param basic casesensitive off >> auth_param basic children 7 >> auth_param basic realm DOMAINNAME >> authenticate_cache_garbage_interval 10 seconds >> authenticate_ttl 0 seconds >> acl ad-auth proxy_auth REQUIRED >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 >> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 >> acl allow_localnet dst 192.168.110.0/24 192.168.188.0/24 >> acl allow_localdomain dstdomain .domain.com >> acl local_net_dst dst 192.168.117.0/24 >> acl local_net_src src 192.168.117.0/24 >> acl Unsafe_Ports port 5050 843 5100 5101 5000-5010 9085 >> acl Unsafe_Ports port 1863 >> acl Unsafe_Ports port 5222 >> acl SSL_ports port 443 >> acl Safe_ports port 80 53 3268 88 5060 5061 5062 5075 5076 5077 50636 >> 587 50389 58941 110 995 993 143 389 636 119 25 465 135 102 3000 # >> http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl CONNECT method CONNECT >> http_access allow localhost allow_localnet allow_localdomain >> http_access allow manager localhost >> http_access allow ad-auth > >> http_access deny manager >> http_access deny Unsafe_Ports !Safe_ports > > That wont work. Please see: > http://wiki.squid-cache.org/SquidFaq/SquidAcls#Common_Mistakes > >> http_access deny CONNECT !SSL_ports > > None of these security checks will have any effect. You have placed all > of the allows above them to happen first. > >> http_access deny all >> redirect_program /usr/local/bin/squidGuard -c >> /usr/local/squidGuard/squidGuard.conf >> redirect_children 15 >> icp_access deny all >> htcp_access deny all >> http_port 3128 >> cache_mem 128 MB >> cache_dir aufs /var/squid/cache 128 16 256 >> hierarchy_stoplist cgi-bin ? >> access_log /var/log/squid/access.log squid >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern (cgi-bin|\?) 0 0% 0 > > Broken pattern. Use this instead: > -i (/cgi-bin/|\?) > >> refresh_pattern . 0 20% 4320 >> icp_port 3130 >> pipeline_prefetch off >> #delay_pools 2 >> #delay_class 1 4 >> #delay_class 2 4 >> #delay_access 1 allow local_net_src >> #delay_access 2 allow local_net_dst >> #delay_parameters 1 -1/-1 -1/-1 -1/-1 51200/51200 >> #delay_parameters 2 -1/-1 -1/-1 -1/-1 -1/-1 >> #delay_initial_bucket_level 75 >> httpd_suppress_version_string on >> forwarded_for off >> hosts_file /etc/hosts >> cache_replacement_policy heap LFUDA >> cache_swap_low 90 >> cache_swap_high 95 >> maximum_object_size_in_memory 50 KB >> memory_pools off >> maximum_object_size 50 MB >> quick_abort_min 0 KB >> quick_abort_max 0 KB >> log_icp_queries off >> client_db off >> buffered_logs on >> half_closed_clients off >> >> >> I had delay pools but I later disabled them as well. > > Are you sure it is Squid consuming that memory? Its possibly another > application. > If you are sure it is Squid please upgrade to a later version. There were > some memory overuse issues fixed between 3.1.8 and 3.1.11. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.12 > Beta testers wanted for 3.2.0.9 and 3.1.12.3 >
