hello , thanks Amos , ive modified the config file as u suggested . after removing the raid 0 , ive noted a better performance . ============================================================= in general , browsing speed is lower than the speed in the absence of squid , but any way it is acceptable and i wish to enhance it as i can ! ====================================================== As i mentioned in the beginning , i have an excellent hardware with about 32 G ram. but i have major problem in squid-guard !! after sometime it begins to bypass!!!!!! i searched to use dansguardian instead of squid-guard but it seems that dansguardian is not compatible with tproxy !!===> seems as shook to me ! ================================================== i have pumped only 1000 users with about 150-180 M only !!!! here is the log of squidguard ! ============== 2013-02-24 06:25:32 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://surprises.tango.me/ts//assets/ayol_fairy_gingerbread_surprise_2-UI_VG_SELECTOR_PACK-android.zip 2013-02-24 06:25:38 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://ds.serving-sys.com/BurstingRes//Site-38682/Type-11/8986049_182e1c3c-0f89-4ee4-b991-0c98ef5d36d9.js 2013-02-24 06:25:45 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-ANIMATION_PACK-.zip 2013-02-24 06:25:46 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-UI_VG_SELECTOR_PACK-android.zip 2013-02-24 06:25:50 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://77.243.189.57/cdn.putlocker.com/r1KH3Z/aMY6kLQ9Y4nVxYoGofr/F778Rl7N1PtcjpnR72foOrRFQFTTOWnIjvwbKzKKLDpTC3nv4Kh/K+3FFomVqpbeDogNm0/cKEgcunONMTnmaPr7n//KF5/814INq/4yNylLOToeoy6OJKctncNXM2dS5HRPZcpOAmCNMA+O3NUW6S6DkghtNARxhxt4bEYRC7/f/g701W8M3Jmk59GYBDKY/HtvLMMpN59j17pg=/wrath.of.the.titans.2012_bae33_f43c0.flv 2013-02-24 06:26:01 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//03-02-2013/117x78/0Double-Team-1997-Dutch-Front-Cover-72004.jpg 2013-02-24 06:26:02 [17282] Warning: Possible bypass attempt. Found a trailing dot in the domain name: http://dnl-19.geo.kaspersky.com/index/../bases/wmuf/wmuf-0607g.xml.dif 2013-02-24 06:26:07 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//20-01-2013/117x78/013590551321.jpg 2013-02-24 06:26:11 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//24-02-2013/90x70/0157950561.jpg 2013-02-24 06:26:15 [17283] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//24-02-2013/152x125/VMP0original%20(4).jpg 2013-02-24 06:26:20 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.01.01.07 2013-02-24 06:26:21 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.01.55.06 2013-02-24 06:26:24 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.02.42.47 2013-02-24 06:26:25 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://rpc-php.trafficfactory.biz/tower-1xfooter-1/bf6b32919541f9227b4fceedb513d3e9/1//xvideos/display.js?v=0.010611487734062397 2013-02-24 06:26:31 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://213.171.205.238/rules///sc17.bin.incr.2013.02.23.21.01.08 2013-02-24 06:26:33 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://87.106.240.241/rules///sc17.bin.incr.2013.02.23.22.01.07 2013-02-24 06:26:34 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.04.01.06 2013-02-24 06:26:41 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.06.01.06 2013-02-24 06:26:49 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.10.01.08 2013-02-24 06:26:57 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.12.01.27 2013-02-24 06:26:58 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.15.01.07 2013-02-24 06:26:59 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.bokra.net/images//play_btn.png 2013-02-24 06:27:02 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//27-01-2013/139x96/03ala_mar_alzman.jpg 2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found a trailing dot in the domain name: http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw 2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw 2013-02-24 06:27:06 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.17.01.08 2013-02-24 06:27:07 [17282] Warning: Possible bypass attempt. Found a trailing dot in the domain name: http://www.google.ps/xjs/_/js/i/qi/rt=j/ver=TRRqyfYv7Gg.en_US./d=0/sv=1/rs=AItRSTORVFAb4tDIudEqfOL475VKj3yMmw ^Z [1]+ Stopped tailf /usr/local/squidGuard/log/squidGuard.log [root@squid ~]# ============================== here is a sample of cache.log file: {Accept: */* Content-Type: application/x-www-form-urlencoded 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */* Content-Type: application/x-www-form-urlencoded} NULL {Accept: */* Content-Type: application/x-www-form-urlencoded 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */* Content-Type: application/x-www-form-urlencoded} NULL {Accept: */* Content-Type: application/x-www-form-urlencoded 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */* Content-Type: application/x-www-form-urlencoded} NULL {Accept: */* Content-Type: application/x-www-form-urlencoded 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */* Content-Type: application/x-www-form-urlencoded} NULL {Accept: */* Content-Type: application/x-www-form-urlencoded 2013/02/24 06:24:41| clientProcessRequest: Invalid Request 2013/02/24 06:25:00| clientProcessRequest: Invalid Request 2013/02/24 06:25:04| clientProcessRequest: Invalid Request 2013/02/24 06:25:07| clientProcessRequest: Invalid Request 2013/02/24 06:25:09| helperHandleRead: unexpected reply on channel 0 from redirector #1 '' 2013/02/24 06:25:09| clientProcessRequest: Invalid Request 2013/02/24 06:25:11| clientProcessRequest: Invalid Request 2013/02/24 06:25:11| clientProcessRequest: Invalid Request 2013/02/24 06:25:21| clientProcessRequest: Invalid Request 2013/02/24 06:25:23| clientProcessRequest: Invalid Request 2013/02/24 06:25:28| clientProcessRequest: Invalid Request 2013/02/24 06:25:35| clientProcessRequest: Invalid Request 2013/02/24 06:25:36| clientProcessRequest: Invalid Request 2013/02/24 06:25:56| clientProcessRequest: Invalid Request 2013/02/24 06:26:07| clientProcessRequest: Invalid Request 2013/02/24 06:26:11| clientProcessRequest: Invalid Request 2013/02/24 06:26:17| clientProcessRequest: Invalid Request 2013/02/24 06:26:19| clientProcessRequest: Invalid Request 2013/02/24 06:26:23| helperHandleRead: unexpected reply on channel 0 from redirector #1 '' 2013/02/24 06:26:29| clientProcessRequest: Invalid Request 2013/02/24 06:26:32| clientProcessRequest: Invalid Request 2013/02/24 06:26:34| clientProcessRequest: Invalid Request 2013/02/24 06:26:36| clientProcessRequest: Invalid Request 2013/02/24 06:26:38| clientProcessRequest: Invalid Request 2013/02/24 06:26:40| clientProcessRequest: Invalid Request 2013/02/24 06:26:52| clientProcessRequest: Invalid Request 2013/02/24 06:26:53| clientProcessRequest: Invalid Request 2013/02/24 06:27:04| clientProcessRequest: Invalid Request 2013/02/24 06:27:10| clientProcessRequest: Invalid Request 2013/02/24 06:27:10| clientProcessRequest: Invalid Request 2013/02/24 06:27:23| clientProcessRequest: Invalid Request 2013/02/24 06:27:28| clientProcessRequest: Invalid Request 2013/02/24 06:27:40| clientProcessRequest: Invalid Request 2013/02/24 06:27:40| clientProcessRequest: Invalid Request 2013/02/24 06:27:42| clientProcessRequest: Invalid Request 2013/02/24 06:27:46| squidaio_queue_request: WARNING - Queue congestion 2013/02/24 06:27:51| clientProcessRequest: Invalid Request 2013/02/24 06:27:57| clientProcessRequest: Invalid Request 2013/02/24 06:27:59| statusIfComplete: Request not yet fully sent "POST http://cr.torchbrowser.com/"; 2013/02/24 06:28:08| clientProcessRequest: Invalid Request 2013/02/24 06:28:12| clientProcessRequest: Invalid Request 2013/02/24 06:28:15| clientProcessRequest: Invalid Request 2013/02/24 06:28:18| clientProcessRequest: Invalid Request 2013/02/24 06:28:24| clientProcessRequest: Invalid Request 2013/02/24 06:28:25| clientProcessRequest: Invalid Request 2013/02/24 06:28:27| clientProcessRequest: Invalid Request ============================================== here is the config file after all modifications : [root@squid dansguardian-2.12.0.3]# cat /etc/squid/squid.conf # squid Config By "xxx" "xxx ################### acl all src all acl manager proto cache_object acl localnet src 192.168.1.0/24 z.z.0.0/16 z.z.0.0/16 acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 590 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT ################################ visible_hostname squid coredump_dir /var/spool/squid ####squidguard################### redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf redirector_bypass on url_rewrite_children 200 cache_effective_user squid cache_effective_group squid ############################## #Recommended minimum configuration: # Only allow cachemgr access from localhost http_access allow manager localhost http_access allow localnet http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # And finally deny all other access to this proxy http_access deny all #Allow ICP queries from everyone icp_access allow all ####################################### access_log /var/log/squid/access.log cache_dir aufs /cache1 500000 32 256 cache_dir aufs /cache2 500000 32 256 cache_dir aufs /cache3 500000 32 256 cache_mem 20000 MB ########################## http_port 127.0.0.1:3128 http_port x.x.x:65000 http_port 3128 http_port 3129 tproxy ########### Performance Related Config: relaxed_header_parser on vary_ignore_expire on ########################################## memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA ########################################### ipcache_size 2048 ipcache_low 98 ipcache_high 99 memory_pools off pipeline_prefetch on ############################################ httpd_suppress_version_string on server_persistent_connections on client_persistent_connections on pconn_timeout 2 minutes persistent_request_timeout 1 minute ########################################### ########### WCCP2 Config############# wccp2_router x.x.x.x wccp_version 2 wccp2_forwarding_method 2 wccp2_return_method 2 #wccp2_assignment_method mask wccp2_service dynamic 80 wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 ########################################## ########################################### #default option refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 ################################################# forwarded_for on max_filedescriptors 65536 max_open_disk_fds 65536 relaxed_header_parser on reload_into_ims on client_lifetime 15 minutes read_timeout 5 minutes request_timeout 1 minutes ie_refresh on ignore_expect_100 on vary_ignore_expire on ############################### ################################ httpd_suppress_version_string on server_persistent_connections on client_persistent_connections on pconn_timeout 2 minutes persistent_request_timeout 1 minute shutdown_lifetime 20 seconds ############################# cache_swap_low 98 cache_swap_high 99 cache_replacement_policy heap LFUDA minimum_object_size 0 maximum_object_size 130 MB ############################### wish the outputs above , help to solve the problem of squid-guard bypassing with my best regards.. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/slow-browsing-in-centos-6-3-with-squid-3-tp4658635p4658675.html Sent from the Squid - Users mailing list archive at Nabble.com.
