On 6/01/2016 5:26 a.m., Job wrote: > Hello, > > sinec i upgraded two Squid proxy servers to the Squid-3.4.4 versions, we have some huges bottleneck with ahtenticated ntlm (old style!) users. > If i disable authentication and enable per-ip surf, it works fine. >From what earlier version? > > Plesae note that squid process raise up to 100%. > > Here is my auth ntlm configuration: > > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp Try with "auth_param ntlm keep_alive off" > auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic > auth_param basic children 200 > auth_param basic credentialsttl 2 hours > > Perhaps have i to change something? 3.4.4 is very outdated version of Squid. Current release is 3.5.12 or 3.4.14. NTLM requires that Squid disable all HTTP performance optimizations. Without TCP connection persistence it will re-authenticate for every single request, resulting in more than doubling the bandwidth load and reducing the proxy to under 500 RPS. Even with persistence these limits are only raised a little. It is also very insecure, more so than Basic auth in the modern environment. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
