


  1. #1

    Padrão Como melhorar o desempenho do squid?

    Oi pessoal,

    Hoje tenho um servidor proxy transparente na minha rede que serve p/ meu rádio. Eu mesmo fiz as configurações do squid e, como não sei muita coisa, gostaria que a galera me ajudasse a melhorar o desempenho do meu squid.

    ############# Inicio do meu squid.conf ##############


    # squid.conf for a transparent caching proxy (httpd_accel_* section below).
    # Squid evaluates http_access lines top to bottom and stops at the first
    # match, so the ORDER of the allow/deny lines in this file is the policy.

    # DEFAULT CONFIGURATION
    http_port 3128
    icp_port 3130
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY

    # SERVER USES 196Mb
    # NOTE(review): with cache_mem at 64 MB, a 10 MB in-memory object limit
    # lets a handful of large objects occupy the whole memory cache; a much
    # smaller maximum_object_size_in_memory is the usual choice - confirm
    # against the hit ratio before changing.
    cache_mem 64 MB
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 16 MB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 10 MB
    cache_dir ufs /cache/squid 5600 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    icon_directory /usr/share/squid/icons/
    error_directory /usr/share/squid/errors/Portuguese
    coredump_dir /var/spool/squid
    announce_period 5 day
    cache_mgr [email protected]
    visible_hostname proxy.bogus.com.br

    # TRANSPARENT PROXY
    httpd_accel_port 80
    httpd_accel_host virtual
    #httpd_accel_single_host off
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    # SNMP CONFIGURATION
    # (disabled; note the commented rule uses the community string "public")
    #acl snmppublic snmp_community public
    #snmp_port 3401
    #snmp_access allow snmppublic macaunet

    # DATABASE
    #client_db on
    #netdb_low 900
    #netdb_high 1000

    # DNS SERVERS
    # The 200.xxx.xxx.xxx entries are redacted placeholders, not valid
    # addresses; they must be replaced or removed before this file is used.
    dns_nameservers 200.210.33.3
    dns_nameservers 200.210.33.5
    dns_nameservers 200.163.120.226
    dns_nameservers 200.163.120.227
    dns_nameservers 200.xxx.xxx.xxx
    dns_nameservers 200.xxx.xxx.xxx
    dns_nameservers 200.xxx.xxx.xxx

    # REFRESH PATTERNS
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320

    # DEFAULT ACLS
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8

    # ACLS FOR THE "BOGUS" NETWORKS (addresses redacted by the author)
    # NOTE(review): bogus, class_ip1, class_ip2 and class_ip3 are defined here
    # but never referenced by an http_access line in this listing.
    acl bogus src 200.xxx.xxx.xxx/26
    acl discados src 200.xxx.xxx.xxx/26
    acl class_ip1 src 10.10.1.0/24
    acl class_ip2 src 10.10.2.0/24
    acl class_ip3 src 10.10.3.0/24

    # BOGUS ACLS, INTERNAL NETWORK, UNRESTRICTED
    # Source addresses are read from external files; each file must exist
    # and be readable by Squid when the configuration is parsed.
    acl lib_escola src "/etc/squid/ip-eth1_liberado.txt"
    acl lib_wireless src "/etc/squid/ip-eth2_liberado.txt"
    acl lib_escritorio src "/etc/squid/ip-eth3_liberado.txt"

    # BOGUS ACLS, INTERNAL NETWORK, RESTRICTED
    acl res_escola src "/etc/squid/ip-eth1_restrito.txt"
    acl res_wireless src "/etc/squid/ip-eth2_restrito.txt"
    acl res_escritorio src "/etc/squid/ip-eth3_restrito.txt"

    # ACLS THAT ALLOW PORTS
    # NOTE(review): listing 873 in SSL_ports means CONNECT tunnels to port 873
    # pass the "deny CONNECT !SSL_ports" rule below; keep it only if clients
    # really need rsync through the proxy.
    acl SSL_ports port 443 563 # https, snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

    # HTTP_ACCESS DEFAULT
    # Cache manager and PURGE are limited to localhost, and the port
    # restrictions come before every client allow rule, so they apply to
    # all networks listed further down.
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost

    # BLOCKED BY DEFAULT
    # Blocklists are loaded from files under /etc/squid/regras/.
    acl sites_proibidos dstdomain "/etc/squid/regras/sites_proibidos.txt"
    acl palavras_proibidas url_regex -i "/etc/squid/regras/palavras_proibidas.txt"
    acl download_proibidos url_regex -i "/etc/squid/regras/download_proibidos.txt"
    acl multimidia_proibidos url_regex -i "/etc/squid/regras/multimidia_proibidos.txt"

    # WORKAROUND FOR THE HOTMAIL.COM SITE BUG
    # Strips the Accept-Encoding request header for the Hotmail domain.
    acl hotmail_domains dstdomain .hotmail.msn.com
    header_access Accept-Encoding deny hotmail_domains

    # ALLOWING MSN THROUGH THE PROXY
    # Only sources in msn_ip (10.10.2.0/24) are allowed; these allow lines
    # match before the blocklist deny rules further down.
    acl msn_ip src 10.10.2.0/24
    acl libmsn dstdomain loginnet.passport.com
    acl libmsnmessenger url_regex -i gateway.dll
    acl lib_msn req_mime_type -i ^application/x-msn-messenger$
    http_access allow libmsn msn_ip
    http_access allow libmsnmessenger msn_ip
    http_access allow lib_msn msn_ip

    # BLOCKING MSN THROUGH THE PROXY
    # Same match criteria as above, denied for every source that did not
    # match the msn_ip allow rules.
    acl bloqmsn dstdomain loginnet.passport.com
    acl bloqmsnmessenger url_regex -i gateway.dll
    acl bloq_msn req_mime_type -i ^application/x-msn-messenger$
    http_access deny bloqmsn
    http_access deny bloqmsnmessenger
    http_access deny bloq_msn

    # SITES THAT ARE NOT CACHED
    acl sites_nocache url_regex "/etc/squid/regras/sites_nocache.txt" \?
    acl files_nocache url_regex "/etc/squid/regras/download_proibidos.txt"
    acl files2_nocache url_regex "/etc/squid/regras/multimidia_proibidos.txt"

    # HTTP_ACCESS ALLOWED, EXTERNAL NETWORK
    # NOTE(review): no "acl macaunet" is defined anywhere in this listing
    # (the name appears only here and in the commented snmp_access line);
    # presumably it was renamed to "bogus" when the file was anonymized -
    # confirm, because a rule naming an undefined ACL does not take effect.
    http_access allow macaunet
    http_access allow discados

    # HTTP_ACCESS ALLOWED DIRECTLY
    # These sources are allowed BEFORE the blocklist deny rules, so the
    # blocklists never apply to them.
    http_access allow lib_escola
    http_access allow lib_wireless
    http_access allow lib_escritorio

    # HTTP_ACCESS BLOCKED
    http_access deny sites_proibidos
    http_access deny palavras_proibidas
    http_access deny download_proibidos
    http_access deny multimidia_proibidos

    # HTTP_ACCESS ALLOWED SUBJECT TO THE RULES
    # Restricted sources reach this point only if no blocklist matched.
    http_access allow res_escola
    http_access allow res_wireless
    http_access allow res_escritorio

    # HTTP_ACCESS NO CACHE
    no_cache deny sites_nocache
    no_cache deny files_nocache
    no_cache deny files2_nocache

    # HTTP_ACCESS DEFAULT: BLOCK EVERYTHING
    http_access deny all

    # DEFAULT CONFIGURATION
    # NOTE(review): "icp_access allow all" answers ICP queries on icp_port
    # 3130 from any source address. No cache_peer is configured in this
    # listing, so ICP looks unused; restricting it to known peers (see the
    # commented alternatives) or disabling it with "icp_port 0" is safer.
    http_reply_access allow all
    icp_access allow all
    #icp_access allow discados
    #icp_access allow lib_wireless

  2. #2

    Padrão Como melhorar o desempenho do squid?

    mano achei louco seu squid.conf.... tenho um aqui q não bloqueia nada, não grila com msn nem outlook nem nada....faz proxy transparente e controla o tamanho do cache e da memória.....dá uma olhada e coloca apenas suas regras de bloqueio.... Abraço
    ***********************************************************************************************************
    Pessoal, escrevi esta conf com a finalidade de fazer um proxy transparente, bem enxuto, que não barrasse nada, não tivesse nenhuma neura com o Skype, hotmail, msn e controlasse o tamanho do cache no hd para não estourar o espaço limite. Depois de vários testes feitos por mim e por amigos em várias Distros diferentes, resolvi colocá-lo aqui no site para poder ajudar a todos que me ajudaram a escrevê-lo tão pequeno e tão funcional. Abraço em Geral

    #Squid.conf - 01/01/2005
    #Lacier Dias
    #msn: [email protected]

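    # Minimal squid.conf for a transparent caching proxy serving the
    # 192.168.0.0/24 LAN. http_access lines are evaluated top to bottom and
    # the first match wins, so the deny rules must precede the LAN allow rule.

    # Listen only on the LAN-side address, not on every interface.
    http_port 192.168.0.1:3128

    # Never cache or forward to peers anything that looks dynamic.
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY

    # memory used:
    cache_mem 32 MB

    # cache eviction watermarks (percent of cache_dir in use):
    cache_swap_low 90
    cache_swap_high 93

    maximum_object_size 6144 KB
    minimum_object_size 0 KB

    # Keep only small objects in RAM so cache_mem holds many of them.
    maximum_object_size_in_memory 100 KB

    ipcache_size 1024
    ipcache_low 90
    ipcache_high 93

    cache_replacement_policy lru
    memory_replacement_policy lru

    # disk used:
    cache_dir ufs /var/spool/squid/cache 5000 16 256

    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log

    # No "auth_param basic program" and no proxy_auth ACL appear in this file,
    # so these authentication settings are not used by any rule below.
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl rede src 192.168.0.0/255.255.255.0

    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    # Restrictions first. In the original order "allow localhost" and
    # "allow rede" came before these lines, so every LAN client matched an
    # allow rule immediately: the cache manager was open to the whole LAN and
    # the Safe_ports / CONNECT limits were never evaluated for LAN traffic.
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    # Only after the restrictions: let the local host and the LAN through.
    http_access allow localhost
    http_access allow rede

    # Everything else is refused.
    http_access deny all

    http_reply_access allow all

    # Answer ICP queries from the LAN only instead of from any source;
    # no cache_peer is configured in this file, so no outside sibling needs it.
    icp_access allow rede
    icp_access deny all

    # Drop root privileges to the squid user and group after start-up.
    cache_effective_user squid
    cache_effective_group squid

    # Transparent-proxy (accelerator) settings: intercepted port-80 requests
    # are served using the Host header to rebuild the URL.
    httpd_accel_port 80
    httpd_accel_host virtual
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on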

  3. #3
    elton
    Visitante

    Padrão Como melhorar o desempenho do squid?

    Estou tentando utilizar suas regras acl para bloquear sites e palavras proibidas, mas está dando erro.
    O que seria?

    Veja

    [root@GFMI74 squid]# squid -z
    2005/01/12 13:09:58| aclParseAclLine: IGNORING invalid ACL: acl palavras_proibidas url_regex -i "/etc/squid/regras/palavras_proibidas.txt"
    2005/01/12 13:09:58| aclParseAclLine: IGNORING invalid ACL: acl download_proibidos url_regex -i "/etc/squid/regras/download_proibidos.txt"
    2005/01/12 13:09:58| aclParseAclLine: IGNORING invalid ACL: acl multimidia_proibidos url_regex -i "/etc/squid/regras/multimidia_proibidos.txt"
    2005/01/12 13:09:58| squid.conf line 133: http_access deny palavras_proibidas
    2005/01/12 13:09:58| aclParseAccessLine: ACL name 'palavras_proibidas' not found.
    2005/01/12 13:09:58| squid.conf line 133: http_access deny palavras_proibidas
    2005/01/12 13:09:58| aclParseAccessLine: Access line contains no ACL's, skipping
    2005/01/12 13:09:58| squid.conf line 134: http_access deny download_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: ACL name 'download_proibidos' not found.
    2005/01/12 13:09:58| squid.conf line 134: http_access deny download_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: Access line contains no ACL's, skipping
    2005/01/12 13:09:58| squid.conf line 135: http_access deny multimidia_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: ACL name 'multimidia_proibidos' not found.
    2005/01/12 13:09:58| squid.conf line 135: http_access deny multimidia_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: Access line contains no ACL's, skipping
    2005/01/12 13:09:58| parseConfigFile: line 151 unrecognized: 'http_reply_access allow all '
    2005/01/12 13:09:58| Creating Swap Directories
    FATAL: Failed to make swap directory /cache/squid: (2) No such file or directory
    Squid Cache (Version 2.4.STABLE7): Terminated abnormally.
    CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
    Maximum Resident Size: 0 KB
    Page faults with physical i/o: 8

  4. #4

    Padrão RES

    Citação Postado originalmente por elton
    Estou tentando utilizar suas regras acl para bloquear sites e palavras proibidas, mas está dando erro.
    O que seria?

    Veja

    [root@GFMI74 squid]# squid -z
    2005/01/12 13:09:58| aclParseAclLine: IGNORING invalid ACL: acl palavras_proibidas url_regex -i "/etc/squid/regras/palavras_proibidas.txt"
    2005/01/12 13:09:58| aclParseAclLine: IGNORING invalid ACL: acl download_proibidos url_regex -i "/etc/squid/regras/download_proibidos.txt"
    2005/01/12 13:09:58| aclParseAclLine: IGNORING invalid ACL: acl multimidia_proibidos url_regex -i "/etc/squid/regras/multimidia_proibidos.txt"
    2005/01/12 13:09:58| squid.conf line 133: http_access deny palavras_proibidas
    2005/01/12 13:09:58| aclParseAccessLine: ACL name 'palavras_proibidas' not found.
    2005/01/12 13:09:58| squid.conf line 133: http_access deny palavras_proibidas
    2005/01/12 13:09:58| aclParseAccessLine: Access line contains no ACL's, skipping
    2005/01/12 13:09:58| squid.conf line 134: http_access deny download_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: ACL name 'download_proibidos' not found.
    2005/01/12 13:09:58| squid.conf line 134: http_access deny download_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: Access line contains no ACL's, skipping
    2005/01/12 13:09:58| squid.conf line 135: http_access deny multimidia_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: ACL name 'multimidia_proibidos' not found.
    2005/01/12 13:09:58| squid.conf line 135: http_access deny multimidia_proibidos
    2005/01/12 13:09:58| aclParseAccessLine: Access line contains no ACL's, skipping
    2005/01/12 13:09:58| parseConfigFile: line 151 unrecognized: 'http_reply_access allow all '
    2005/01/12 13:09:58| Creating Swap Directories
    FATAL: Failed to make swap directory /cache/squid: (2) No such file or directory
    Squid Cache (Version 2.4.STABLE7): Terminated abnormally.
    CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
    Maximum Resident Size: 0 KB
    Page faults with physical i/o: 8
    Oi elton,

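    vc já criou os arquivos dentro do /etc/squid? As ACLs que o squid ignorou apontam para arquivos em /etc/squid/regras/, e o FATAL no final é porque o diretório /cache/squid do cache_dir não existe.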