+ Responder ao Tópico



  1. #1

    Padrão Squid autenticado deixando a internet lenta do nada

    Esta com o squid funcionando normal em uma máquina com o ubuntu 12.04 e outro em um CentOS virtualizado. Do nada na maquina com ubuntu a internet só estava funcionando o site do IG. Então fui testar a internet em uma máquina que não passa pelo proxy e a mesma está normal.

    Peguei as conf e joguei em o proxy e deixei as mesmas configurações em outro centos que tenho virtualizado e o problema continua. Quando marco o squid para o usuário autenticar, ele demora muito para abrir um site. Quando tiro a máquina do proxy, ela navega super rápido. O engraçado, é que não mudei nada e já vinha rodando a mais de 6 meses assim. Abaixo coloco o squid.conf e se algúém puder me ajudar pois como já troquei até de SO, não sei mais o que fazer.


    #NOME DO SERVIDOR#####################################################
    visible_hostname ubuntuserver


    ######################################################################
    #IP+PORTA USADA ####################################################
    http_port 10.0.1.254:3128
    ######################################################################
    icp_port 0
    ######################################################################
    #CACHE USADO-METADE DA RAM)###########################################
    cache_mem 256 MB
    ######################################################################
    #Cache Swap###########################################################
    cache_swap_low 80
    cache_swap_high 90
    ######################################################################
    #OBJECT_SIZE##########################################################
    maximum_object_size 200 MB
    minimum_object_size 0 KB
    #tamanho máximo dos objetos alocados na memória.
    maximum_object_size_in_memory 30 KB
    ######################################################################
    #DIRETORIOS DO CACHE MULTIPLOS########################################
    cache_dir aufs /var/cachesquid1 5000 16 256


    #Erro squid
    error_directory /usr/share/squid/errors/pt-br/




    # Resolve um problema com conexões persistentes que ocorre com certos servidores,
    # e que provoca delays em nosso cache.
    detect_broken_pconn on


    # Provoca um ganho de performance ao usar conexões Pipeline (requisições em
    # paralelo)
    #pipeline_prefetch on














    #DNS squid cache
    #dns_nameservers 10.0.1.254
    #dns_nameservers 127.0.0.1


    #####################################################################
    #LOGS################################################################
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none
    #####################################################################
    #REGRA AUTENTICACAO
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Digite seu usuario e senha
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    ####################################################################
    request_body_max_size 0 MB
    ####################################################################


    #ACL's########################################################
    #SITES QUE NÃO PRECISAM DE AUTENTICACAO COM SENHA
    acl NO_AUTH url_regex -i '/etc/squid/no_auth_url'
    http_access allow NO_AUTH
    #################################################
    #SITES BLOQUEADOS PARA QUALQUER USUARIO
    acl BLOCK url_regex -i '/etc/squid/bloqueados'
    http_access deny BLOCK








    #################################################
    #MSN SÓ PARA USUARIOS DESSA ACL##################
    acl bloqueiamsn url_regex -i "/etc/squid/bloqueiamsn"
    acl g_liberado proxy_auth inspetor inspetornfa wellington barbara alisson neide ademario marinalva fernando rmartins vicente handerson
    http_access deny bloqueiamsn !g_liberado
    #################################################
    ##### BLOQUEIO DE DOWNLOAD DAS EXTENSOES ABAIXO##
    acl extensoes url_regex -i \.bat \.scr \.mp3 \.bat \.vbs \.wmv \.wma \.mp4
    http_access deny extensoes




    #acl downloads urlpath_regex "/etc/squid/downloads.txt"
    #http_access deny downloads
    #testando a opcao abaixo
    #acl downloads req_mime_type application/octet-stream application/zip audio/mpeg audio/wav video/mpeg video/avi video/quicktime video/x-msvideo video/x-ms-wmv/
    #http_access deny downloads
    #################################################
    #REGRAS GERAIS###################################
    acl localnet src 10.0.1.0/24
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl SSL_ports port 443 4243 563
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost












    #Estas 'refresh_pattern' fazem com que o squid mantenha o maximo
    #possivel um objeto em cache, aumentando o cache HIT e byte HIT


    refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.exe$ 0 50% 21600 reload-into-ims
    refresh_pattern -i \.php$ 0 20% 1440 reload-into-ims
    refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims
    refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims
    refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims
    refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320











    #SITES QUE NÃO ENTRAM NO CACHE###################
    acl NO_CACHE url_regex -i '/etc/squid/no_cache_url'
    no_cache deny NO_CACHE
    #################################################
    #AUTENTICAÇÕES POR USUARIO#######################




    #Monica
    acl u_monica proxy_auth monica
    #Dayane
    acl u_dayd proxy_auth dayd
    #Junior
    acl u_junior proxy_auth junior
    #Sandra
    acl u_sandra proxy_auth sandra
    #Wellington
    acl u_wellington proxy_auth wellington


    acl u_dayd proxy_auth dayd


    #Angelina
    acl u_angelina proxy_auth angelina


    e etc.. para todos usuarios




    #USER:ROGERIO
    acl u_rmartins_url_allow url_regex -i "/etc/squid/u_rogerio_allow"
    http_access allow u_rmartins u_neide_url_allow
    acl u_rmartins_url_deny url_regex -i "/etc/squid/u_rogerio_deny"
    http_access deny u_rmartins u_rmartins_url_deny
    #####################################################################
    #USER:NEOMAR
    acl u_neomar_url_allow url_regex -i "/etc/squid/u_neomar_allow"
    http_access allow u_neomar u_neomar_url_allow
    acl u_neomar_url_deny url_regex -i "/etc/squid/u_neomar_deny"
    http_access deny u_neomar u_neomar_url_deny
    #####################################################################
    #USER:Vicente
    acl u_vicente_url_allow url_regex -i "/etc/squid/u_vicente_allow"
    http_access allow u_vicente u_vicente_url_allow
    acl u_vicente_url_deny url_regex -i "/etc/squid/u_vicente_deny"
    http_access deny u_vicente u_vicente_url_deny
    ##################################################################






    e etc... para todos usuarios
    #####################################################################


    ##################################################################








    ####################################################################
    #LIBERAR AUTENTICACAO################################################
    acl autenticados proxy_auth REQUIRED
    http_access allow autenticados
    #####################################################################
    miss_access allow all
    cache_mgr root
    memory_pools on
    #####################################################################
    #BLOQUEIA TUDO#######################################################
    http_access deny all
    ####################################################################

  2. #2

    Thumbs up Re: Squid autenticado deixando a internet lenta do nada

    Meu caro,

    Qual a configuração de sua maquina servidora?
    Quantas conexões simultâneas você tem?
    Como esta dividido em percentual as suas chamadas de internet? (youtube,facebook,orkut,...)
    Você quer fazer cache de conteúdo ou pagina?
    Seus cliente tem IP publico ou é por NAT
    Seu cache voce instalou no modo paralelo / tproxy / serie ?

    Tem uma serie de perguntas que devem ser feitas e respondidas para você analisar seu problema. Cache e bom mas da trabalho para acerta e pode levar alguns meses mas da para economizar um 30% da banda final.

    Pense da seguinte maneira: o que me gera maior trafego? é isso que eu quero cachear.

    Paginas pequenas para um numero de conexão simultâneas pequena não fale a pena mas Update de windows sim.

    Perca um tempinho e analisa o trafego de sua rede.

    em relação ao seu script 1° tem que definir o que voce quer para depois saber se voce vez certo.