Any info for me regarding my last post?

On 27 June 2011 13:02, Go Wow <gowows@xxxxxxxxx> wrote:
> Pls find below the link to excel file containing memory info from
> squid cache manager.
>
> https://www.yousendit.com/download/MFo3c0w5bTh0TW14dnc9PQ
>
> Now my squid.conf looks like this, is this okay?
>
> auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 8
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic credentialsttl 4 hour
> auth_param basic casesensitive off
> auth_param basic children 7
> auth_param basic realm DOMAIN
> authenticate_cache_garbage_interval 10 seconds
> authenticate_ttl 0 seconds
> acl ad-auth proxy_auth REQUIRED
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl allow_localnet dst 192.168.100.0/24 192.168.18.0/24
> acl allow_localdomain dstdomain .domain.com
> acl local_net_dst dst 192.168.127.0/24
> acl local_net_src src 192.168.137.0/24
> acl Unsafe_Ports port 5050 843 5100 5101 5000-5010 9085
> acl Unsafe_Ports port 1863
> acl Unsafe_Ports port 5222
> acl SSL_ports port 443
> acl Safe_ports port 80 53 443 3268 88 5060 5061 5062 5075 5076 5077
> 50636 587 50389 58941 110 995 993 143 389 636 119 25 465 135 102 3000
> # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny Unsafe_Ports
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow allow_localnet
> http_access allow allow_localdomain
> http_access allow ad-auth
> http_access deny all
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> cache_dir aufs /var/squid/cache 128 16 256
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> redirect_program /usr/local/bin/squidGuard -c
> /usr/local/squidGuard/squidGuard.conf
> redirect_children 15
> icp_access deny all
> htcp_access deny all
> cache_mem 128 MB
> access_log /var/log/squid/access.log squid
> icp_port 3130
> pipeline_prefetch off
> cache_mgr mail@xxxxxxxxxx
> cachemgr_passwd password all
> #delay_pools 2
> #delay_class 1 4
> #delay_class 2 4
> #delay_access 1 allow local_net_src
> #delay_access 2 allow local_net_dst
> #delay_parameters 1 -1/-1 -1/-1 -1/-1 51200/51200
> #delay_parameters 2 -1/-1 -1/-1 -1/-1 -1/-1
> #delay_initial_bucket_level 75
> httpd_suppress_version_string on
> forwarded_for off
> hosts_file /etc/hosts
> cache_replacement_policy heap LFUDA
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size_in_memory 50 KB
> memory_pools off
> maximum_object_size 50 MB
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> log_icp_queries off
> client_db off
> buffered_logs on
> half_closed_clients off
>
> On 26 June 2011 16:19, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>> On 26/06/11 21:24, Go Wow wrote:
>>>
>>> Hi,
>>>
>>> I'm using squid 3.1.8 on centos 5.4 with 3.8GB RAM and Dual Core
>>> Processor. My swap is being used and 50% of RAM is used by cache &
>>> buffers. Below link has one week's memory & CPU utilization
>>> information in form of graph.
>>>
>>> Memory usage --> http://img.myph.us/Cr8.jpg
>>> CPU usage --> http://img.myph.us/PgM.jpg
>>>
>>> I'm worried as to why the usage of swap is coming into picture,
>>> logically if Swap is used then I need to increase the RAM but this
>>> machine is serving only 12 users.
>>>
>>> My squid.conf is here
>>>
>>> auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -s
>>> GSS_C_NO_NAME
>>> auth_param negotiate children 10
>>> auth_param negotiate keep_alive on
>>> auth_param ntlm program /usr/bin/ntlm_auth
>>> --helper-protocol=squid-2.5-ntlmssp
>>> auth_param ntlm children 8
>>> auth_param basic program /usr/bin/ntlm_auth
>>> --helper-protocol=squid-2.5-basic
>>> auth_param basic credentialsttl 4 hour
>>> auth_param basic casesensitive off
>>> auth_param basic children 7
>>> auth_param basic realm DOMAINNAME
>>> authenticate_cache_garbage_interval 10 seconds
>>> authenticate_ttl 0 seconds
>>> acl ad-auth proxy_auth REQUIRED
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/32
>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>>> acl allow_localnet dst 192.168.110.0/24 192.168.188.0/24
>>> acl allow_localdomain dstdomain .domain.com
>>> acl local_net_dst dst 192.168.117.0/24
>>> acl local_net_src src 192.168.117.0/24
>>> acl Unsafe_Ports port 5050 843 5100 5101 5000-5010 9085
>>> acl Unsafe_Ports port 1863
>>> acl Unsafe_Ports port 5222
>>> acl SSL_ports port 443
>>> acl Safe_ports port 80 53 3268 88 5060 5061 5062 5075 5076 5077 50636
>>> 587 50389 58941 110 995 993 143 389 636 119 25 465 135 102 3000 #
>>> http
>>> acl Safe_ports port 21 # ftp
>>> acl Safe_ports port 443 # https
>>> acl Safe_ports port 70 # gopher
>>> acl Safe_ports port 210 # wais
>>> acl Safe_ports port 1025-65535 # unregistered ports
>>> acl Safe_ports port 280 # http-mgmt
>>> acl Safe_ports port 488 # gss-http
>>> acl Safe_ports port 591 # filemaker
>>> acl Safe_ports port 777 # multiling http
>>> acl CONNECT method CONNECT
>>> http_access allow localhost allow_localnet allow_localdomain
>>> http_access allow manager localhost
>>> http_access allow ad-auth
>>
>>> http_access deny manager
>>> http_access deny Unsafe_Ports !Safe_ports
>>
>> That won't work. Please see:
>> http://wiki.squid-cache.org/SquidFaq/SquidAcls#Common_Mistakes
>>
>>> http_access deny CONNECT !SSL_ports
>>
>> None of these security checks will have any effect. You have placed all
>> of the allows above them to happen first.
>>
>>> http_access deny all
>>> redirect_program /usr/local/bin/squidGuard -c
>>> /usr/local/squidGuard/squidGuard.conf
>>> redirect_children 15
>>> icp_access deny all
>>> htcp_access deny all
>>> http_port 3128
>>> cache_mem 128 MB
>>> cache_dir aufs /var/squid/cache 128 16 256
>>> hierarchy_stoplist cgi-bin ?
>>> access_log /var/log/squid/access.log squid
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern (cgi-bin|\?) 0 0% 0
>>
>> Broken pattern. Use this instead:
>> -i (/cgi-bin/|\?)
>>
>>> refresh_pattern . 0 20% 4320
>>> icp_port 3130
>>> pipeline_prefetch off
>>> #delay_pools 2
>>> #delay_class 1 4
>>> #delay_class 2 4
>>> #delay_access 1 allow local_net_src
>>> #delay_access 2 allow local_net_dst
>>> #delay_parameters 1 -1/-1 -1/-1 -1/-1 51200/51200
>>> #delay_parameters 2 -1/-1 -1/-1 -1/-1 -1/-1
>>> #delay_initial_bucket_level 75
>>> httpd_suppress_version_string on
>>> forwarded_for off
>>> hosts_file /etc/hosts
>>> cache_replacement_policy heap LFUDA
>>> cache_swap_low 90
>>> cache_swap_high 95
>>> maximum_object_size_in_memory 50 KB
>>> memory_pools off
>>> maximum_object_size 50 MB
>>> quick_abort_min 0 KB
>>> quick_abort_max 0 KB
>>> log_icp_queries off
>>> client_db off
>>> buffered_logs on
>>> half_closed_clients off
>>>
>>>
>>> I had delay pools but I later disabled them as well.
>>
>> Are you sure it is Squid consuming that memory? It's possibly another
>> application.
>> If you are sure it is Squid please upgrade to a later version. There were
>> some memory overuse issues fixed between 3.1.8 and 3.1.11.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE9 or 3.1.12
>> Beta testers wanted for 3.2.0.9 and 3.1.12.3
>>
>
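
The rule-ordering point from the quoted reply, as an added example that is not part of the original thread: a small first-match evaluator run over the two http_access orderings posted above. It assumes each request can be modelled as the set of ACL names it matches (constructed data; proxy_auth is reduced to a yes/no match), and the helper names are hypothetical.

```python
# Added illustration: first-match http_access evaluation over constructed requests.
ORIGINAL = """\
http_access allow localhost allow_localnet allow_localdomain
http_access allow manager localhost
http_access allow ad-auth
http_access deny manager
http_access deny Unsafe_Ports !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""
REORDERED = """\
http_access allow manager localhost
http_access deny manager
http_access deny Unsafe_Ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow allow_localnet
http_access allow allow_localdomain
http_access allow ad-auth
http_access deny all
"""
REQUESTS = {  # constructed: all from an authenticated user (ad-auth matches)
    "GET to port 80": {"ad-auth", "Safe_ports"},
    "CONNECT to port 5222": {"ad-auth", "CONNECT", "Unsafe_Ports", "Safe_ports"},
    "CONNECT to port 25": {"ad-auth", "CONNECT", "Safe_ports"},
}

def parse(conf):  # -> [(action, [acl, ...])] for each http_access line
    words = [line.split("#", 1)[0].split() for line in conf.splitlines()]
    return [(w[1], w[2:]) for w in words if len(w) >= 3 and w[0] == "http_access"]

def acl_matches(name, matched):
    negate, name = name.startswith("!"), name.lstrip("!")
    return negate != (name == "all" or name in matched)

def decide(conf, matched):  # first line whose ACLs ALL match (AND) decides
    for action, acls in parse(conf):
        if all(acl_matches(a, matched) for a in acls):
            return action, " ".join(acls)
    return "deny", "(no line matched)"  # not reached: both lists end in 'deny all'

def compare(requests=REQUESTS):
    return {name: (decide(ORIGINAL, m)[0], decide(REORDERED, m)[0])
            for name, m in requests.items()}

if __name__ == "__main__":
    print(compare())
```

Port 5222 is listed in Unsafe_Ports and also falls inside the 1025-65535 Safe_ports range, so the combined line `deny Unsafe_Ports !Safe_ports` can never match it, while the separate `deny Unsafe_Ports` line does.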