Search squid archive

Re: Squid + ICAP + ClamAV so slow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

2011/10/18 Christian Gregoire <cgregoir99@xxxxxxxxx>:
> Hello,
>
> I've configured Squid to filter HTTP trafic with ClamAV using ICAP. And the result is pretty bad : loading a simple page takes ages. When I disable ICAP in squid.conf, all is fine.
>
> Can someone share his/her configuration with me so that I can compare both ?
>
>
>
> Here is the Squid 3.1.9's ICAP configuration
>
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_encode off
> icap_client_username_header X-Authenticated-User
> icap_preview_enable on
> icap_preview_size 1024
> icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> adaptation_access service_req allow all
> icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> adaptation_access service_resp allow all
>
> Here is C-ICAP config file :
>
> PidFile /var/run/c-icap/c-icap.pid
> CommandsSocket /var/run/c-icap/c-icap.ctl
> Timeout 300
> MaxKeepAliveRequests 100
> KeepAliveTimeout 600
> StartServers 3
> MaxServers 10
> MinSpareThreads     10
> MaxSpareThreads     20
> ThreadsPerChild     10
> MaxRequestsPerChild  0
> Port 1344
> ServerAdmin you@your.address
> ServerName YourServerName
> TmpDir /var/tmp
> MaxMemObject 131072
> DebugLevel 1
> ModulesDir /usr/local/c_icap/lib/c_icap
> ServicesDir /usr/local/c_icap/lib/c_icap
> TemplateDir /usr/local/c_icap/share/c_icap/templates/
> TemplateDefaultLanguage en
> LoadMagicFile /usr/local/c_icap/etc/c-icap.magic
> RemoteProxyUsers off
> RemoteProxyUserHeader X-Authenticated-User
> RemoteProxyUserHeaderEncoded on
> ServerLog /servers/icap/logs/server.log
> AccessLog /servers/icap/logs/access.log
> Module logger sys_logger.so
> Logger  sys_logger
> Service squidclamav squidclamav.so
> ServiceAlias avscan squidclamav?allow204=on&sizelimit=off&mode=simple
> Service echo srv_echo.so
> sys_logger.Facility     local7
>
> Thanks
>
> Christian
>

A fast reading of your configuration can show that you ae PASSING
ALLto the icap.  And of course this will slow, pass only objects you
need to verify for virii. Only exe, some html,  dont pass JPG,GIF,PNG.

You also need to improve you cache performance to trust that cached
objects are clean

LD
http://www.twitter.com/ldlq
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux