<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="Bitstream Charter">Hi all.</font></p>
<p><font face="Bitstream Charter">Squid has a strange behavior: suddenly, it stops writing the log files (access.log and cache.log) for about 30 seconds clients cannot access the cache. Because my proxy is using AD auth, I checked the link between them and
is OK. During the time squid "is down", the number of ext_wbinfo_group_acl processes starts growing until Squid operates normally. My squid box has 4GB of RAM and enough disk space to store the cache.<br>
</font></p>
<p><font face="Bitstream Charter">Here is my squid.conf:</font></p>
<p><font face="Bitstream Charter">http_port 3128<br>
############################################################################<br>
# Administrative Parameters<br>
############################################################################<br>
visible_hostname Proxy-cache<br>
cache_mgr <a class="moz-txt-link-abbreviated" href="mailto:proxy@proxy.net">proxy@proxy.net</a><br>
cache_effective_user proxy<br>
error_directory /usr/share/squid3/errors/es<br>
err_page_stylesheet /etc/squid3/style.css<br>
############################################################################<br>
#******************************Ports*************************************#<br>
############################################################################<br>
#acl manager proto cache_object<br>
#acl all src 0.0.0.0/0.0.0.0<br>
#acl localhost src 127.0.0.1/32<br>
acl SSL_ports port 443<br>
acl Safe_ports port 80<br>
acl Safe_ports port 21<br>
acl Safe_ports port 443<br>
acl Safe_ports port 70 #prot gopher<br>
acl Safe_ports port 210 #whais<br>
acl Safe_ports port 280 #http-mgmt<br>
acl Safe_ports port 488 #gss-http<br>
acl Safe_ports port 591 #filemaker<br>
acl Safe_ports port 8080<br>
acl Safe_ports port 2481<br>
acl Safe_ports port 20010<br>
acl Safe_ports port 777 #multi http<br>
#acl purge method PURGE<br>
acl CONNECT method CONNECT<br>
acl_uses_indirect_client on<br>
delay_pool_uses_indirect_client on<br>
log_uses_indirect_client on<br>
http_access allow manager all<br>
http_access deny manager<br>
</font></p>
<p><font face="Bitstream Charter">############################################################################<br>
#*******************HELPERS AD**************************#<br>
############################################################################<br>
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --DOMAIN=DOMAIN<br>
auth_param ntlm children 300 startup=100 idle=50<br>
auth_param ntlm keep_alive off <br>
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic<br>
auth_param basic children 50 startup=20 idle=10<br>
auth_param basic realm proxy<br>
auth_param basic credentialsttl 2 hours<br>
<br>
###########################################################################<br>
#****************************ACL******************************************#<br>
###########################################################################<br>
external_acl_type Grupos_AD ttl=10 children-max=300 children-startup=100 children-idle=150 ipv4 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl<br>
acl proxy external Grupos_AD Users_proxy</font></p>
<p><font face="Bitstream Charter">############################################################################<br>
#*****************************Rules***************************************#<br>
############################################################################<br>
acl auth proxy_auth REQUIRED<br>
http_access deny !auth<br>
http_access allow proxy all</font></p>
<p><font face="Bitstream Charter">http_access deny !Safe_ports<br>
http_access deny CONNECT !SSL_PORTS<br>
#http_access allow redlocal<br>
http_access deny all<br>
<br>
############################################################################<br>
#*************************Log********************************#<br>
############################################################################<br>
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt<br>
cache_access_log /var/log/squid3/access.log<br>
cache_log /var/log/squid3/cache.log<br>
logfile_rotate 0<br>
buffered_logs off</font></p>
<p><font face="Bitstream Charter">############################################################################<br>
#******************Cache and memory***************************#<br>
############################################################################<br>
cache_dir aufs /var/spool/squid3 30000 16 256<br>
cache_mem 1536 MB<br>
cache_swap_low 80<br>
cache_swap_high 95<br>
maximum_object_size_in_memory 1024 KB<br>
memory_cache_mode always<br>
maximum_object_size 200 MB<br>
minimum_object_size 0 KB<br>
cache_replacement_policy heap GDSF<br>
memory_replacement_policy heap GDSF<br>
cache_store_log none<br>
log_icp_queries off<br>
redirect_rewrites_host_header off<br>
fqdncache_size 51200</font></p>
<p><font face="Bitstream Charter">############################################################################<br>
# Refresh Pattern Options<br>
############################################################################<br>
refresh_pattern ^ftp: 1440 20% 10080<br>
refresh_pattern ^gopher: 1440 0% 1440<br>
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000<br>
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 43200 90% 43200<br>
refresh_pattern -i \.(html|htm|css|js|xhtml)$ 9440 90% 43200<br>
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080<br>
refresh_pattern -i \.(xml|flow)$ 0 90% 100000<br>
refresh_pattern -i \.(json)$ 1440 90% 5760<br>
refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz|bz2|ipa|bz|ram|rar|bin|uxx|gz|crl|dll|hz|apk|wtex|hz|tiff)$ 43200 90% 43200<br>
refresh_pattern -i \.(swf|js|wav|css|class|dat|zsci|do|ver|advcs|woff|eps|ttf|svg|svgz|ps|acsm|wm(a|v))$ 43200 90% 43200<br>
#facebook<br>
refresh_pattern ^<a class="moz-txt-link-freetext" href="https://*.facebook.com/*">https://*.facebook.com/*</a> 14400 100% 4320<br>
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 14400 80% 10800<br>
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 14400 80% 10800<br>
refresh_pattern fbcdn\.net.*\.(jpg|jpeg|gif|png|ico|mp3|flv) 14400 80% 20080<br>
refresh_pattern static\.ak\.fbcdn\.net.*\.(jpg|jpeg|gif|png|ico|mp3|flv) 14400 80% 20080<br>
#otros<br>
refresh_pattern ^<a class="moz-txt-link-freetext" href="https://*.yahoo.*/.*">https://*.yahoo.*/.*</a> 720 100% 4320<br>
refresh_pattern ^<a class="moz-txt-link-freetext" href="https://*.gmail.*/.*">https://*.gmail.*/.*</a> 720 100% 4320<br>
refresh_pattern ^<a class="moz-txt-link-freetext" href="https://*.google.*/.*">https://*.google.*/.*</a> 720 100% 4320<br>
refresh_pattern ^<a class="moz-txt-link-freetext" href="https://*.googlesyndication.*/.*">https://*.googlesyndication.*/.*</a> 720 100% 4320<br>
refresh_pattern ^<a class="moz-txt-link-freetext" href="http://*.mercadolibre.*/.*">http://*.mercadolibre.*/.*</a> 720 100% 4320<br>
refresh_pattern youtube.*videoplay 14400 90% 24400<br>
refresh_pattern youtube.*get_video 14400 90% 24400<br>
refresh_pattern google.*videoplay 14400 90% 24400<br>
refresh_pattern googlevideo.*get_video 14400 90% 24400<br>
refresh_pattern -i ^https?:\/\/.*(gstatic\.com.*).* 1440 99% 14400<br>
refresh_pattern -i ^https:\/\/.*googleapis\.com\/.*\.*\/v2\/code\.google\.com\/.*\.* 10080 80% 43200<br>
refresh_pattern ^.*safebrowsing.*google 10080 80% 10080<br>
refresh_pattern -i gstatic.*/.* 14400 80% 10080<br>
refresh_pattern ytimg\.com\/.*\.(jpg|jpeg|gif|png|ico|mp3|flv|mp4) 14400 90% 24400<br>
refresh_pattern (mt|kh|pap).*\.google\.com 14400 90% 24400<br>
refresh_pattern (mt|kh|pap).*\.googleapis\.com 14400 90% 24400<br>
refresh_pattern s\d+\.dotua\.org\/fsua_items.*\.(jpg|jpeg|gif|png|ico|mp3|flv|mp4) 14400 90% 24400<br>
refresh_pattern .*static\.video\.yandex\.ru\/swf\/.*&r=.* 14400 90% 24400<br>
refresh_pattern vec.*\.maps\.yandex\.net\/tiles\? 14400 90% 20080<br>
refresh_pattern static.*\.maps\.yandex\. 14400 90% 20080<br>
refresh_pattern pvec.*\.maps\.yandex\.net 14400 90% 20080<br>
refresh_pattern lrs\.maps\.yandex\.net\/tiles\? 14400 90% 20080<br>
refresh_pattern yandex\.st\/.*(jpg|jpeg|gif|png|ico|mp3|flv|mp4) 14400 90% 20080<br>
refresh_pattern static\.video\.yandex\.net\/.*(jpg|jpeg|gif|png|ico|mp3|flv|mp4).* 14400 90% 20080</font></p>
<p><font face="Bitstream Charter">refresh_pattern -i \.*(.*(maps)).* 1440 99% 14400<br>
#refresh_pattern -i (yimg|twimg)\.com\.* 1440 100%<br>
#refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600<br>
refresh_pattern -i (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar|ggpht)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 14400 99% 14400<br>
refresh_pattern \.(ico|video-stats) 1440 99% 14400<br>
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400<br>
refresh_pattern -i \.disquscdn.\* 14400 90% 20080<br>
#cache microsoft and adobe and other documents<br>
refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$ 100000 90% 200000 refresh-ims<br>
refresh_pattern -i \.(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$ 100000 90% 200000 refresh-ims<br>
#refresh_pattern -i windowsupdate.com/.*\.(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200
<br>
refresh_pattern -i (.+\.||)microsoft.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf) 10080 100% 172800 refresh-ims<br>
refresh_pattern -i (.+\.||)windowsupdate.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf) 10080 100% 172800 refresh-ims<br>
#refresh_pattern ([^.]+.)?(download|(windows)?update).(microsoft.)?com/.*.(cab|exe|msi|msp|psf|wma|wmv|msu|msf|dat|zip) 10080 100% 43200 refresh-ims<br>
refresh_pattern . 0 40% 40320<br>
<br>
###########################################################################<br>
# Other Options<br>
###########################################################################<br>
quick_abort_min 1024 KB<br>
quick_abort_max 2048 KB<br>
quick_abort_pct 90<br>
memory_pools off<br>
memory_pools_limit 0<br>
ignore_unknown_nameservers on<br>
#negative_ttl 10<br>
request_body_max_size 0 KB<br>
forward_timeout 4 minutes<br>
forwarded_for off<br>
request_header_access X-Forwarded-For deny all<br>
read_timeout 2 minutes<br>
request_timeout 2 minutes<br>
client_lifetime 1 day<br>
half_closed_clients off<br>
shutdown_lifetime 2 second<br>
ipcache_size 51200<br>
ipcache_low 90<br>
ipcache_high 95<br>
icp_port 0<br>
htcp_port 0<br>
icp_access deny all<br>
htcp_access deny all<br>
visible_hostname proxy<br>
client_db on<br>
pinger_enable off<br>
strip_query_terms on<br>
debug_options ALL,1 33,2 28,9<br>
coredump_dir /var/spool/squid3<br>
read_ahead_gap 1 MB<br>
forward_max_tries 25<br>
###########################################################################<br>
# DNS and FTP options<br>
###########################################################################<br>
ftp_passive on<br>
ftp_sanitycheck off<br>
ftp_telnet_protocol off<br>
positive_dns_ttl 6 hours<br>
dns_v4_first on<br>
dns_timeout 2 minutes<br>
negative_dns_ttl 300 seconds<br>
</font></p>
<p><font face="Bitstream Charter">Thanks!<br>
</font></p>
<br>
<div class="moz-signature">-- <br>
<b>@verovan</b></div>
</body>
</html>