On 2/10/20 6:32 AM, Yurii Kirychuk wrote: > Is it normal that a secure connection to the site is delayed by 10-15 > seconds? No, it is not. Most likely, you are suffering from some kind of a DNS, IPv6, or TCP timeout. You may be able to identify the culprit by watching DNS and TCP traffic while reproducing the problem with a single transaction on an otherwise idle Squid. Studying access.log may also be helpful, especially if you add %codes reflecting DNS response times. If everything else fails, studying cache.log with high debugging levels may be necessary (see debug_options in squid.conf). Alex. > squid 4.10, transparent http/https > > squid.conf > acl localnet src 10.3.198.0/24 <http://10.3.198.0/24> > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > acl blackmails dstdom_regex "/etc/squid/blackmailssl" > > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > > http_access deny blackmails > > http_access allow localhost manager > http_access deny manager > http_access allow localnet > http_access allow localhost > http_access deny all > > dns_nameservers 10.3.198.254 10.3.105.2 10.3.100.2 > dns_v4_first on > > http_port 10.3.198.226:3128 <http://10.3.198.226:3128> > http_port 10.3.198.226:3129 <http://10.3.198.226:3129> intercept > https_port 10.3.198.226:3130 <http://10.3.198.226:3130> intercept > ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=8MB > connection-auth=off tls-cert=/etc/squid/squidCA.pem > > tls_outgoing_options options=NO_SSLv3 > > acl blackmailssl ssl::server_name_regex "/etc/squid/blackmailssl" > acl step1 at_step SslBump1 > > sslcrtd_program /usr/lib/squid/security_file_certgen -s > /usr/lib/squid/ssl_db -M 8MB > > ssl_bump peek step1 > acl blackmailssl ssl::server_name_regex "/etc/squid/blackmailssl" > ssl_bump splice !blackmailssl > ssl_bump terminate all > > cache_dir ufs /var/spool/squid 10240 16 256 > maximum_object_size 1024 KB > > coredump_dir /var/spool/squid > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
