[squid-users] Delay Pools and HTTPS on Squid 3.x

Dan Charlesworth dan at getbusi.com
Wed Feb 17 01:51:03 UTC 2016


It's been a while since I've looked at this—because the software we use to
generate our squid.conf just works around now—but we found that Squid 3
would only enforce exactly half the configured rate on HTTP requests but
enforce the full rate on HTTPS requests.

So we now make two delay pools for every "restriction": one for HTTP which
is x2 the byte rate and one for HTTPS which is normal.

I don't we looked much more into it or filed a bug 'cause none of the
developers seem very keen on pushing delay_pools forward, due their being
more robust network-level approaches these days.

On Wed, 17 Feb 2016 at 12:37 Hery Martin <scorpionxii at gmail.com> wrote:

> Hello everybody:
>
> Since a few months ago I'm using squid to provide a solution as small
> business proxy in the network of my work place.
>
> I'm from Cuba, in our country the Internet is a very limited resource. I
> have only one link of 2Mbps to share with 20 ~ 25 users (even with my
> network have more than 60) this is the normal concurrent number.
>
> When I start the squid deployment in my network I started using 2.7stable9
> version, I made all arrangements to put it work with my AD to match ACLs
> using AD Groups and everything works perfect.
>
> I defined 1 class 2 delay pools to to limits traffic to 12 KBytes/s per
> user approx.
>
> delay_pool 1
> delay_class 1 2
> delay_parameters -1/-1 12228/12228
>
> The delay pool works perfect, I was checking with real-time tool sqstat
> and with squidclient mgr:delay
>
> NOW.....
>
> I recently upgrade squid to 3.3.8 and I notice that delay pool started to
> going wrong when the users surf or download using HTTPS protocol
>
> I checked in real-time and when the users browse HTTPS the pool goes in
> negative numbers and start to grow and grow, its very easy to check, just
> define a delay pool with 5KB and start a download from an HTTPS source and
> you can check it with squidclient mgr:delay, the ip takes negative pool
> value and keep growing until the download finish.
>
> Frustrated with this behavior I put different squid versions in a
> Virtualization Server and definitely I saw that the problem occurs with
> squid 3.x versions, today I made a final test and I think that the
> implementation of HTTP v1.1 is maybe related with that problem (I'm not
> sure but tomorow I will make a few tests with squid 3.1 where HTTP v1.1 was
> not yet implemented)
>
> Please, if you have the opportunity, just test this in a Lab environment,
> I decided to write to this email list because I asked to many people that
> already have implemented squid as proxy in their networks and they didn't
> believed to me until I demostrated the issue.
>
> Have anyone information about this bug? There is any hope to fix this
> problem at code level?
>
> Anyway, I'm computer systems engineer, I use to write a lot C++ lines
> every week... I'm not related with the squid development (never saw the
> code in my life) but if somebody have any idea how to fix this and wants
> help just count with me.
>
> Greetings from Cuba and sorry about my English :)
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160217/32b23c8f/attachment.html>


More information about the squid-users mailing list