Search squid archive

Re: Delay Pools and HTTPS on Squid 3.x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It's been a while since I've looked at this—because the software we use to generate our squid.conf just works around now—but we found that Squid 3 would only enforce exactly half the configured rate on HTTP requests but enforce the full rate on HTTPS requests.

So we now make two delay pools for every "restriction": one for HTTP which is x2 the byte rate and one for HTTPS which is normal.

I don't we looked much more into it or filed a bug 'cause none of the developers seem very keen on pushing delay_pools forward, due their being more robust network-level approaches these days.

On Wed, 17 Feb 2016 at 12:37 Hery Martin <scorpionxii@xxxxxxxxx> wrote:
Hello everybody: 

Since a few months ago I'm using squid to provide a solution as small business proxy in the network of my work place. 

I'm from Cuba, in our country the Internet is a very limited resource. I have only one link of 2Mbps to share with 20 ~ 25 users (even with my network have more than 60) this is the normal concurrent number. 

When I start the squid deployment in my network I started using 2.7stable9 version, I made all arrangements to put it work with my AD to match ACLs using AD Groups and everything works perfect. 

I defined 1 class 2 delay pools to to limits traffic to 12 KBytes/s per user approx. 

delay_pool 1 
delay_class 1 2 
delay_parameters -1/-1 12228/12228 

The delay pool works perfect, I was checking with real-time tool sqstat and with squidclient mgr:delay 

NOW..... 

I recently upgrade squid to 3.3.8 and I notice that delay pool started to going wrong when the users surf or download using HTTPS protocol 

I checked in real-time and when the users browse HTTPS the pool goes in negative numbers and start to grow and grow, its very easy to check, just define a delay pool with 5KB and start a download from an HTTPS source and you can check it with squidclient mgr:delay, the ip takes negative pool value and keep growing until the download finish. 

Frustrated with this behavior I put different squid versions in a Virtualization Server and definitely I saw that the problem occurs with squid 3.x versions, today I made a final test and I think that the implementation of HTTP v1.1 is maybe related with that problem (I'm not sure but tomorow I will make a few tests with squid 3.1 where HTTP v1.1 was not yet implemented) 

Please, if you have the opportunity, just test this in a Lab environment, I decided to write to this email list because I asked to many people that already have implemented squid as proxy in their networks and they didn't believed to me until I demostrated the issue. 

Have anyone information about this bug? There is any hope to fix this problem at code level? 

Anyway, I'm computer systems engineer, I use to write a lot C++ lines every week... I'm not related with the squid development (never saw the code in my life) but if somebody have any idea how to fix this and wants help just count with me. 

Greetings from Cuba and sorry about my English :)
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux