[squid-users] Squid stop working

Amos Jeffries squid3 at treenet.co.nz
Sat Sep 24 22:30:42 UTC 2016


On 24/09/2016 5:17 a.m., nilesh.gavali at tcs.com wrote:
> All;
> Recently we have been facing an issue of Squid stopping working. It was working fine when 
> there was little load on it. 
> Our system administrator configured group policy to enable the proxy on all 
> desktops with an exception in proxy settings for the local network.
> The reason for the increased load on the proxy is the Google Chrome browser: when opened, 
> it tries to open the Chrome sign-in page, which redirects to client1.google.com 
> and so on.
> All these requests get denied on the proxy. Same with IE's Bing home page trying 
> to connect to the MS site.
> 
> So I carried out the following changes to the squid config file:
> Cache_dir value from 1024 to 10240.

cache_dir has nothing to do with access permissions. That is simply a
storage space for HTTP response objects.

> Since we have Kerberos auth configured for SSO, I also increased auth_param 
> negotiate children from 10 to 20.
> 
> After this it started working, as of now.


So let's get this straight.

When you increased the number of concurrent logins the proxy could
process to 20, the proxy started to work more happily, handling ~20
concurrent users at ~20 requests per second.


Hint: Does the number 20 occurring a lot in those values give you any
ideas about the problem?


> 
> I need to know what further precautions I need to take to avoid further 
> issues.

Several things you can do (in this order of preference):

* upgrade to a supported Squid proxy version.
 3.1 is more than 5 years out of date. Current stable is 3.5.21. If your
operating system does not provide a more recent version it also needs to
be upgraded.

* ensure that persistent connections to clients are enabled.
 This will reduce the amount of authentications needed (thus alter the
helper load).

* increase the auth helper children value a bit more.
 Check the report (squidclient mgr:negotiateauthenticator) to see how
much each child is processing, the first should have a lot of uses, the
last none or nearly none. If the last child is handling many requests
then you could benefit from some more being started.


Amos
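
Added example, not part of the original message or of Squid itself: one way to apply the check described in the last bullet to a saved copy of the `squidclient mgr:negotiateauthenticator` report. The sample report is constructed, the tab-separated layout with a "# Requests" column is an assumption about the report format, and the 5% threshold for "many requests" is an arbitrary illustrative value.

```python
# Constructed sample of a helper statistics report (not captured from a real
# proxy). Column sets differ between Squid releases, so the parser locates the
# request counter by its header text ("# Requests", assumed) not by position.
SAMPLE_REPORT = (
    "Negotiate Authenticator Statistics:\n"
    "number active: 5 of 5 (0 shutting down)\n"
    "requests sent: 9120\n"
    "replies received: 9120\n"
    "queue length: 3\n"
    "avg service time: 41 msec\n"
    "\n"
    "      #\t     FD\t    PID\t # Requests\t  Flags\t   Time\t Offset\tRequest\n"
    "      1\t     10\t   2101\t       4100\t      B\t  0.020\t      0\t(none)\n"
    "      2\t     12\t   2102\t       2300\t      B\t  0.031\t      0\t(none)\n"
    "      3\t     14\t   2103\t       1400\t       \t  0.000\t      0\t(none)\n"
    "      4\t     16\t   2104\t        800\t       \t  0.000\t      0\t(none)\n"
    "      5\t     18\t   2105\t        520\t       \t  0.000\t      0\t(none)\n"
)


def requests_per_child(report):
    """Return the '# Requests' counter of every helper child, in table order."""
    column = None
    counts = []
    for line in report.splitlines():
        cells = [cell.strip() for cell in line.split("\t")]
        if column is None:
            # Skip the summary lines until the table header is found.
            if "# Requests" in cells:
                column = cells.index("# Requests")
            continue
        if len(cells) > column and cells[column].isdigit():
            counts.append(int(cells[column]))
    return counts


def needs_more_children(report, busy_share=0.05):
    """True when the last child handled at least busy_share of all requests.

    Work is handed to the first free child, so a busy last child means every
    helper was occupied at once. busy_share is an assumed cut-off.
    """
    counts = requests_per_child(report)
    total = sum(counts)
    return total > 0 and counts[-1] / total >= busy_share


if __name__ == "__main__":
    print(requests_per_child(SAMPLE_REPORT), needs_more_children(SAMPLE_REPORT))
```
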


