-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/11/2014 05:41 PM, Siva Prakash wrote: > Squid configuration - For authentication, it is integrated with AD > and lots of ACLs(1000) to block sites. Hey, The acls should not be too much of an effect unless they are binded to an external helper. Every helper adds overhead and can cause some delay in the initiation of a connection(needs a micro seconds tests in a lab). In the squid 3.4 there were reports that clearly states about a bug somewhere with AD authentication. I am still not 100% convinced it's squid internals. In any case it depends on what happens with the AD authentication. Since you are using 3.4 and the bug do not exists on 3.3 I my first suggestion is to make sure what are the options to narrow down the options. NTLM or kerberous authentication allow a higher level of encryption which to my knowledge can be replaced with a radius server(in many environments). I do not suggest to replace AD or kerberous!! Depends on your ACLs there might be a way to make it possible to lower the usage of AD authentication when not needed. One of the examples is windows updates or antivirus updates web-sites. The hardware you are talking about without cache and access logs can take care nicely 3k requests without sweat(unless the CPUs are very old). So consider my suggestion about AD authentication and in any case please do not use NTLM if possible. If you can think of a way to use a radius server in your environment it will help you lowering the need to rely on a feature which might contain a bug. All The Bests, Eliezer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUiefuAAoJENxnfXtQ8ZQUnQ8H/jdvuq4C8CnUHwwKRkSBpKnC CZCigPRw9bJyhxHia2ZF3f+UEXkWLzi6oGzhX9oHV6zm0/sT5bpY35axV77/Fzep 0Sm4cfDlv4yS1IERae68jRXaUMIa0vUO7V3HTF9Y7IeV35CD3Yg8k+OnrlY3Gzn8 CxbddEewvwQYvWE6b30tZsa7HLUi9a18yprwyvfqECUItU4jsxnUNUQaOA1yFYMg zz5RB3mTolMhqGCdjHwCPqsufw7x0jV7GSea+SSJDb1HHjqwj9lGa6CiTEtzgQzJ VCad7Nthf5XpNkQQRN4yRNVozobGtf7cpCKr0PO8uEZpTCM+WEZeKZ+ng+UKb9w= =9apR -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users