Here is the squid.conf. If there are any optimizations I can do let me know. The application that uses the "acl Citrix_Ports port 2598" rule is what I am concerned about. I probably commented out some safety/admin stuff due to troubleshooting. Just as a note, the actual proxy process works fast; everything comes up fine on the network. Just slow for certain apps. ------------------------------------------ http_port 3128 visible_hostname [Our Proxy FQDN] refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/ #acl manager url_regex -i ^cache_object:// /squid-internal-mgr/ acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machine s acl blacklist-sites dstdom_regex -i "/etc/squid/blacklist-sites" acl whitelist-sites dstdom_regex -i "/etc/squid/whitelist-sites" acl SSL_ports port 443 ########################################### ####### Ports for Particular User #################### ########################################### acl Citrix_Ports port 2598 acl Citrix_Ports port 2589 acl Citrix_Ports port 1494 acl Citrix_Ports port 1452 # acl Citrix_Ports port 8080 # acl Citrix_Ports port 443 # acl Citrix_Ports port 80 # acl Citrix_Ports port 433 ########################################### ########################################### ########################################### acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny manager # http_access deny !Safe_ports # http_access deny CONNECT !SSL_ports http_access deny adobe-sites http_access allow Citrix_Ports http_access allow CONNECT Citrix_Ports http_access allow whitelist-sites http_access allow manager localhost http_access allow manager localnet http_access allow localhost http_access allow localnet cache_mgr myadminemail@xxxxxxxxxxxx cache_mem 1024 MB cache_dir ufs /var/cache/squid 102400 32 1024 cache_effective_user squid cache_effective_group squid log_fqdn on Regards, Christopher Koeber On Wed, Aug 15, 2012 at 8:06 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: On 16.08.2012 10:17, Christopher Kurtis Koeber wrote: Hello, We have Squid version 3.1.19 running on our network and everything works OK but we have noticed that rules set up to allow and deny access tend to be a little slow. So, if an application that we have set to be allowed on our network runs it takes a while for it to connect becaue Squid is processing a rule for the port for that application. Once Squid allows the application to connect (via the "CONNECT" method) then everything works fine but it takes a long time (30-60 seconds) for the rule allowing that application to connect to apply. What can I do to fix this? Start with showing us the access configuration please. So far all we can say is "well, you start with optimizing the order", but can't point you at particular details. For example do you have several million regex patterns being processed? or a slow DNA lookup? Once the order is streamlined for minimal tests performed it is easier to debug test and see where the remaining bottlenecks are. Amos
