é o seguinte ele fica muito lento ... as paginas que estão em cache é muito rapido mais as que nao estão demora mais de 15 segundos para começar a carregar.. se a pagina for exemplo www.uai.com.br\algumacoisa e dentro dela.. tiver um link www.uai.com.br\outracoisa funciona blz ... mais ser for maisumacoisa.uai.com.br demora mais de 15 segundos para começar a abrir .. ou seja.. não dá...
minha configuração é a seguinte....
Athon xp 2000
1024 MB DDR
HD Do Proxy 40GB
internet = eth0 ( 10.0.2.18 )
clientes = Wlan1 192.168.253.0/24
clientes = Wlan2 192.168.254.0/24
no firewalll coloquei as seguintes linhas:
forward tcp to 10.0.2.18 8080 from 192.168.254.0/24 to any 80 out via $net
forward tcp to 10.0.2.18 8080 from 192.168.253.0/24 to any 80 out via $net
Minhas configurações do proxy:
# Caching proxy configuration.
# The defaults in this file should be enough for a fully operational proxy
# with no changes nessesary outside of the 'Access Control List' items
# below.
# The port the proxy will operate on. It is advisable to firewall access to
# this port from the Internet as to prevent it from being used as a SPAM
# gateway.
http_port 8080
# Change this to be unique between proxy servers, if using more than one.
visible_hostname proxy
cache_mem 512 MB
maximum_object_size 100MB
#minimum_object_size 0 KB
# maximum_object_size_in_memory 128 KB
# cache_swap_low 512
# cache_swap_high 512
# dns_children 5
# dns_retransmit_interval 5 seconds
# dns_timeout 5 minutes
# connect_timeout 2 minutes
# peer_connect_timeout 30 seconds
## ENABLE TRANSPARENT PROXY SUPPORT
#############################################
cache_mgr webmaster
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
hierarchy_stoplist cgi-bin ?
ftp_user proxy@
#### DISABLE CACHING OF CGI-BIN OBJECTS
#############################################
# TAG: no_cache
# A list of ACL elements which, if matched, cause the reply to
# immediately removed from the cache. In other words, use this
# to force certain objects to never be cached.
#
# You must use the word 'DENY' to indicate the ACL names which should
# NOT be cached.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#### ACCESS CONTROL LISTS
#############################################
# TAG: acl
# Defining an Access List
#
# acl aclname acltype string1 ...
#
# acltype is one of src dst srcdomain dstdomain url_pattern
# urlpath_pattern time port proto method browser user
#
# By default, regular expressions are CASE-SENSITIVE. To make
# them case-insensitive, use the -i option.
#
# acl aclname src ip-address/netmask ... (clients IP address)
# acl aclname src addr1-addr2/netmask ... (range of addresses)
# acl aclname dst ip-address/netmask ... (URL host's IP address)
# acl aclname myip ip-address/netmask ... (local socket IP address)
#
# acl aclname srcdomain .foo.com ... # reverse lookup, client IP
# acl aclname dstdomain .foo.com ... # Destination server from URL
# acl aclname srcdom_regex [-i] xxx ... # regex matching client name
# acl aclname dstdom_regex [-i] xxx ... # regex matching server
# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# # based URL is used. The name "none" is used if the reverse lookup
# # fails.
#
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
#
# acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL
# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path
# acl aclname port 80 70 21 ...
# acl aclname port 0-1024 ... # ranges allowed
# acl aclname myport 3128 ... # (local socket TCP port)
# acl aclname proto HTTP FTP ...
# acl aclname method GET POST ...
# acl aclname browser [-i] regexp
# # pattern match on User-Agent header
# acl aclname ident username ...
# acl aclname ident_regex [-i] pattern ...
# # string match on ident output.
# # use REQUIRED to accept any non-null ident.
# acl aclname src_as number ...
# acl aclname dst_as number ...
# # Except for access control, AS numbers can be used for
# # routing of requests to specific caches. Here's an
# # example for routing all requests for AS#1241 and only
# # those to mycache.mydomain.net:
# # acl asexample dst_as 1241
# # cache_peer_access mycache.mydomain.net allow asexample
# # cache_peer_access mycache_mydomain.net deny all
#
# acl aclname proxy_auth username ...
# acl aclname proxy_auth_regex [-i] pattern ...
# # list of valid usernames
# # use REQUIRED to accept any valid username.
# #
# # NOTE: when a Proxy-Authentication header is sent but it is not
# # needed during ACL checking the username is NOT logged
# # in access.log.
# #
# # NOTE: proxy_auth requires a EXTERNAL authentication program
# # to check username/password combinations (see
# # authenticate_program).
# #
# # WARNING: proxy_auth can't be used in a transparent proxy. It
# # collides with any authentication done by origin servers. It may
# # seem like it works at first, but it doesn't.
#
# acl aclname snmp_community string ...
# # A community string to limit access to your SNMP Agent
# # Example:
# #
# # acl snmppublic snmp_community public
#
# acl aclname maxconn number
# # This will be matched when the client's IP address has
# # more than <number> HTTP connections established.
#
# acl req_mime_type mime-type1 ...
# # regex match agains the mime type of the request generated
# # by the client. Can be used to detect file upload or some
# # types HTTP tunelling requests.
# # NOTE: This does NOT match the reply. You cannot use this
# # to match the returned file type.
#
# Examples:
# acl myexample dst_as 1241
# acl password proxy_auth REQUIRED
# acl fileupload req_mime_type -i ^multipart/form-data$
# Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Relay_Email port 25 # SMTP (used by bulk emailers)
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#### ACCESS CONTROLS
#############################################
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
# Deny those who wish to use the proxy as an email gateway
http_access deny Relay_Email
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# Replace the 'http_access allow all' with your own http_access statements
# for the subnets you wish to grant access. (default is to allow all)
http_access allow all
http_access deny all
icp_access deny all
#### INTERNET EXPLORER 5.5 REFRESH FIX
#############################################
# TAG: ie_refresh on|off
# Microsoft Internet Explorer up until version 5.5 Service
# Pack 1 has an issue with transparent proxies, wherein it
# is impossible to force a refresh. Turning this on provides
# a partial fix to the problem, by causing all IMS-REFRESH
# requests from older IE versions to check the origin server
# for fresh content. This reduces hit ratio by some amount
# (~10% in my experience), but allows users to actually get
# fresh content when they want it. Note that because Squid
# cannot tell if the user is using 5.5 or 5.5SP1, the behavior
# of 5.5 is unchanged from old versions of Squid (i.e. a
# forced refresh is impossible). Newer versions of IE will,
# hopefully, continue to have the new behavior and will be
# handled based on that assumption. This option defaults to
# the old Squid behavior, which is better for hit ratios but
# worse for clients using IE, if they need to be able to
# force fresh content.
ie_refresh on
############################################################################
# The entries below must remain unaltered or the proxy will not
# operate properly.
cache_dir ufs /hdd/squid/cache 1024 64 256
cache_access_log /hdd/squid/logs/access.log
cache_log /hdd/squid/logs/cache.log
cache_store_log /hdd/squid/logs/store.log
pid_filename /hdd/squid/logs/squid.pid
cache_effective_user nobody
cache_effective_group nobody
############################################################################
Por Favor Gente alguém me salve .....