Ahmad,

If you think the problem is squidguard, you have to be sure about this. I suggest disabling squidguard to see if the performance gets better, to confirm that the bottleneck is indeed caused by squidguard. If it is confirmed that squidguard is the bottleneck, you can either try to optimise the squidguard configuration or switch to a faster alternative like ufdbguard.

Marcus

On 02/24/2013 08:30 AM, Ahmad wrote:
Hello, thanks Amos,

I've modified the config file as you suggested. After removing the RAID 0, I've noted a better performance.
=============================================================
In general, browsing speed is lower than the speed in the absence of squid, but anyway it is acceptable and I wish to enhance it as I can!
======================================================
As I mentioned in the beginning, I have excellent hardware with about 32 G RAM, but I have a major problem in squid-guard!! After some time it begins to bypass!!!!!!

I searched to use dansguardian instead of squid-guard, but it seems that dansguardian is not compatible with tproxy!! ===> seems a shock to me!
==================================================
I have pumped only 1000 users with about 150-180 M only!!!!

Here is the log of squidguard!
==============
2013-02-24 06:25:32 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://surprises.tango.me/ts//assets/ayol_fairy_gingerbread_surprise_2-UI_VG_SELECTOR_PACK-android.zip
2013-02-24 06:25:38 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://ds.serving-sys.com/BurstingRes//Site-38682/Type-11/8986049_182e1c3c-0f89-4ee4-b991-0c98ef5d36d9.js
2013-02-24 06:25:45 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-ANIMATION_PACK-.zip
2013-02-24 06:25:46 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-UI_VG_SELECTOR_PACK-android.zip
2013-02-24 06:25:50 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://77.243.189.57/cdn.putlocker.com/r1KH3Z/aMY6kLQ9Y4nVxYoGofr/F778Rl7N1PtcjpnR72foOrRFQFTTOWnIjvwbKzKKLDpTC3nv4Kh/K+3FFomVqpbeDogNm0/cKEgcunONMTnmaPr7n//KF5/814INq/4yNylLOToeoy6OJKctncNXM2dS5HRPZcpOAmCNMA+O3NUW6S6DkghtNARxhxt4bEYRC7/f/g701W8M3Jmk59GYBDKY/HtvLMMpN59j17pg=/wrath.of.the.titans.2012_bae33_f43c0.flv
2013-02-24 06:26:01 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//03-02-2013/117x78/0Double-Team-1997-Dutch-Front-Cover-72004.jpg
2013-02-24 06:26:02 [17282] Warning: Possible bypass attempt. Found a trailing dot in the domain name: http://dnl-19.geo.kaspersky.com/index/../bases/wmuf/wmuf-0607g.xml.dif
2013-02-24 06:26:07 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//20-01-2013/117x78/013590551321.jpg
2013-02-24 06:26:11 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//24-02-2013/90x70/0157950561.jpg
2013-02-24 06:26:15 [17283] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//24-02-2013/152x125/VMP0original%20(4).jpg
2013-02-24 06:26:20 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.01.01.07
2013-02-24 06:26:21 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.01.55.06
2013-02-24 06:26:24 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.02.42.47
2013-02-24 06:26:25 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://rpc-php.trafficfactory.biz/tower-1xfooter-1/bf6b32919541f9227b4fceedb513d3e9/1//xvideos/display.js?v=0.010611487734062397
2013-02-24 06:26:31 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://213.171.205.238/rules///sc17.bin.incr.2013.02.23.21.01.08
2013-02-24 06:26:33 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://87.106.240.241/rules///sc17.bin.incr.2013.02.23.22.01.07
2013-02-24 06:26:34 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.04.01.06
2013-02-24 06:26:41 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.06.01.06
2013-02-24 06:26:49 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.10.01.08
2013-02-24 06:26:57 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.12.01.27
2013-02-24 06:26:58 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.15.01.07
2013-02-24 06:26:59 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.bokra.net/images//play_btn.png
2013-02-24 06:27:02 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://images.bokra.net/bokra//27-01-2013/139x96/03ala_mar_alzman.jpg
2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found a trailing dot in the domain name: http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-24 06:27:06 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.17.01.08
2013-02-24 06:27:07 [17282] Warning: Possible bypass attempt. Found a trailing dot in the domain name: http://www.google.ps/xjs/_/js/i/qi/rt=j/ver=TRRqyfYv7Gg.en_US./d=0/sv=1/rs=AItRSTORVFAb4tDIudEqfOL475VKj3yMmw
^Z
[1]+ Stopped tailf /usr/local/squidGuard/log/squidGuard.log
[root@squid ~]#
==============================
Here is a sample of the cache.log file:

{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept: */*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:41| clientProcessRequest: Invalid Request
2013/02/24 06:25:00| clientProcessRequest: Invalid Request
2013/02/24 06:25:04| clientProcessRequest: Invalid Request
2013/02/24 06:25:07| clientProcessRequest: Invalid Request
2013/02/24 06:25:09| helperHandleRead: unexpected reply on channel 0 from redirector #1 ''
2013/02/24 06:25:09| clientProcessRequest: Invalid Request
2013/02/24 06:25:11| clientProcessRequest: Invalid Request
2013/02/24 06:25:11| clientProcessRequest: Invalid Request
2013/02/24 06:25:21| clientProcessRequest: Invalid Request
2013/02/24 06:25:23| clientProcessRequest: Invalid Request
2013/02/24 06:25:28| clientProcessRequest: Invalid Request
2013/02/24 06:25:35| clientProcessRequest: Invalid Request
2013/02/24 06:25:36| clientProcessRequest: Invalid Request
2013/02/24 06:25:56| clientProcessRequest: Invalid Request
2013/02/24 06:26:07| clientProcessRequest: Invalid Request
2013/02/24 06:26:11| clientProcessRequest: Invalid Request
2013/02/24 06:26:17| clientProcessRequest: Invalid Request
2013/02/24 06:26:19| clientProcessRequest: Invalid Request
2013/02/24 06:26:23| helperHandleRead: unexpected reply on channel 0 from redirector #1 ''
2013/02/24 06:26:29| clientProcessRequest: Invalid Request
2013/02/24 06:26:32| clientProcessRequest: Invalid Request
2013/02/24 06:26:34| clientProcessRequest: Invalid Request
2013/02/24 06:26:36| clientProcessRequest: Invalid Request
2013/02/24 06:26:38| clientProcessRequest: Invalid Request
2013/02/24 06:26:40| clientProcessRequest: Invalid Request
2013/02/24 06:26:52| clientProcessRequest: Invalid Request
2013/02/24 06:26:53| clientProcessRequest: Invalid Request
2013/02/24 06:27:04| clientProcessRequest: Invalid Request
2013/02/24 06:27:10| clientProcessRequest: Invalid Request
2013/02/24 06:27:10| clientProcessRequest: Invalid Request
2013/02/24 06:27:23| clientProcessRequest: Invalid Request
2013/02/24 06:27:28| clientProcessRequest: Invalid Request
2013/02/24 06:27:40| clientProcessRequest: Invalid Request
2013/02/24 06:27:40| clientProcessRequest: Invalid Request
2013/02/24 06:27:42| clientProcessRequest: Invalid Request
2013/02/24 06:27:46| squidaio_queue_request: WARNING - Queue congestion
2013/02/24 06:27:51| clientProcessRequest: Invalid Request
2013/02/24 06:27:57| clientProcessRequest: Invalid Request
2013/02/24 06:27:59| statusIfComplete: Request not yet fully sent "POST http://cr.torchbrowser.com/"
2013/02/24 06:28:08| clientProcessRequest: Invalid Request
2013/02/24 06:28:12| clientProcessRequest: Invalid Request
2013/02/24 06:28:15| clientProcessRequest: Invalid Request
2013/02/24 06:28:18| clientProcessRequest: Invalid Request
2013/02/24 06:28:24| clientProcessRequest: Invalid Request
2013/02/24 06:28:25| clientProcessRequest: Invalid Request
2013/02/24 06:28:27| clientProcessRequest: Invalid Request
==============================================
Here is the config file after all modifications:

[root@squid dansguardian-2.12.0.3]# cat /etc/squid/squid.conf
# squid Config By "xxx" "xxx
###################
acl all src all
acl manager proto cache_object
acl localnet src 192.168.1.0/24 z.z.0.0/16 z.z.0.0/16
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 590 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
################################
visible_hostname squid
coredump_dir /var/spool/squid
####squidguard###################
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirector_bypass on
url_rewrite_children 200
cache_effective_user squid
cache_effective_group squid
##############################
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow localnet
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from everyone
icp_access allow all
#######################################
access_log /var/log/squid/access.log
cache_dir aufs /cache1 500000 32 256
cache_dir aufs /cache2 500000 32 256
cache_dir aufs /cache3 500000 32 256
cache_mem 20000 MB
##########################
http_port 127.0.0.1:3128
http_port x.x.x:65000
http_port 3128
http_port 3129 tproxy
########### Performance Related Config:
relaxed_header_parser on
vary_ignore_expire on
##########################################
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
###########################################
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
pipeline_prefetch on
############################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
###########################################
########### WCCP2 Config#############
wccp2_router x.x.x.x
wccp_version 2
wccp2_forwarding_method 2
wccp2_return_method 2
#wccp2_assignment_method mask
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
##########################################
###########################################
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#################################################
forwarded_for on
max_filedescriptors 65536
max_open_disk_fds 65536
relaxed_header_parser on
reload_into_ims on
client_lifetime 15 minutes
read_timeout 5 minutes
request_timeout 1 minutes
ie_refresh on
ignore_expect_100 on
vary_ignore_expire on
###############################
################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
shutdown_lifetime 20 seconds
#############################
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
minimum_object_size 0
maximum_object_size 130 MB
###############################

Wish the outputs above help to solve the problem of squid-guard bypassing.

With my best regards.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/slow-browsing-in-centos-6-3-with-squid-3-tp4658635p4658675.html
Sent from the Squid - Users mailing list archive at Nabble.com.
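
Added example (not part of the original thread, and not code from Squid or squidGuard): a Python triage script for the two log formats quoted above and the redirector settings in the posted squid.conf. It counts squidGuard "Possible bypass attempt" warnings per reason and host, counts cache.log messages per emitting function, and reports whether `redirector_bypass` (newer name `url_rewrite_bypass`) is on, a setting under which Squid lets requests skip the redirector whenever all helpers are busy. The sample log lines and host names are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample input in the formats quoted in the post (hosts are placeholders).
SQUIDGUARD_LOG = """\
2013-02-24 06:25:32 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://a.example/ts//assets/pack1.zip
2013-02-24 06:25:45 [17282] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://a.example/ts//assets/pack2.zip
2013-02-24 06:25:38 [17283] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://b.example/res//site/x.js
2013-02-24 06:26:02 [17282] Warning: Possible bypass attempt. Found a trailing dot in the domain name: http://a.example/index/../bases/x.xml
"""
CACHE_LOG = """\
2013/02/24 06:25:07| clientProcessRequest: Invalid Request
2013/02/24 06:25:09| helperHandleRead: unexpected reply on channel 0 from redirector #1 ''
2013/02/24 06:26:23| helperHandleRead: unexpected reply on channel 0 from redirector #1 ''
2013/02/24 06:27:46| squidaio_queue_request: WARNING - Queue congestion
"""
SQUID_CONF = "redirector_bypass on  # as posted\nurl_rewrite_children 200\n"

WARNING_RE = re.compile(r"^\S+ \S+ \[\d+\] Warning: Possible bypass attempt\. (.+?): (\S+)$")
CACHE_RE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\| (\w+):")

def squidguard_summary(text):
    """Count warnings per (reason, host) so a few noisy sites stand out."""
    counts = Counter()
    for line in text.splitlines():
        m = WARNING_RE.match(line.strip())
        if m:
            counts[(m.group(1), urlsplit(m.group(2)).hostname)] += 1
    return counts

def cache_log_summary(text):
    """Count cache.log messages per emitting function (e.g. helperHandleRead)."""
    return Counter(m.group(1) for m in map(CACHE_RE.match, text.splitlines()) if m)

def bypass_enabled(conf):
    """True if the last redirector_bypass/url_rewrite_bypass directive is 'on'."""
    state = False  # Squid's default for this directive is off
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] in ("redirector_bypass", "url_rewrite_bypass"):
            state = words[1] == "on"
    return state

if __name__ == "__main__":
    for (reason, host), n in squidguard_summary(SQUIDGUARD_LOG).most_common():
        print(f"{n:4d}  {host:12s}  {reason}")
    print(dict(cache_log_summary(CACHE_LOG)))
    print("redirector bypass enabled:", bypass_enabled(SQUID_CONF))
```

Run against the real squidGuard.log and cache.log, a rising `helperHandleRead` count alongside bypass being enabled points at helper trouble rather than at the URL warnings themselves.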