[squid-users] Squid ICAP -> Sophos SAVDI -> read_ahead_gap question

netadmin netadmin at aicta.ro
Mon Jan 27 18:52:15 UTC 2020

My system:
7th generation Intel processor with 32 GB RAM
HDD on SATA without RAID
OS: Linux Slackware 64 bit
Squid version: 4.10 (compiled from sources)
Number of clients using ICAP: 20
Relevant squid.conf options:
reply_body_max_size 20 MB localnet
http_port ssl-bump \
cert=/usr/local/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s
/var/lib/ssl_db -M 16MB
sslcrtd_children 32 startup=10 idle=2
cache_mem 4096 MB
maximum_object_size_in_memory 20 MB
maximum_object_size 200 MB
cache_dir ufs <...> 10240 16 256
quick_abort_min -1
read_ahead_gap 20 MB
icap_enable on
icap_service_failure_limit 20
icap_service sophosicap respmod_precache icap://
adaptation_access sophosicap deny CONNECT
adaptation_access sophosicap allow all

If I try to download a 20 MB file on all workstations at the same time,
without the option "read_ahead_gap 20 MB", the download fails on a small
number of workstations.
After about a week of searching and reading the documentation I tried the
above option, the download errors are gone and the processor load is low.
I do not fully understand the transfer mechanism between the ICAP client
(Squid) and the ICAP server (Sophos SAVDI), but I noticed that the download
time is shorter if the file is stored in RAM cache (using cache_mem)
compared to disk storage.
If I use disk storage for the 20 MB file, during the simultaneous download
the processor load reaches 100% - this I think not because of the ICAP
server - and download errors occur.
Is the maximum supported size for a file transmitted to the ICAP server 20
Is there anything wrong with my settings?

Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

More information about the squid-users mailing list