<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><span id="result_box" class="" lang="en"><span>And, if you still
insist that you need a proxy, consider Privoxy.</span> <span
class=""><br>
</span></span></p>
<p><span id="result_box" class="" lang="en"><span class="">Lightweight
primitive HTTP proxy with basic access control, has Windows
implementation, works as service.<br>
</span></span></p>
It will be good enough.<br>
<br>
<a class="moz-txt-link-freetext" href="https://www.privoxy.org/">https://www.privoxy.org/</a><br>
<br>
<div class="moz-cite-prefix">23.03.2018 05:27, Yuri пишет:<br>
</div>
<blockquote type="cite"
cite="mid:634894e6-b954-3fed-bde0-58b84a88eb73@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p><span id="result_box" class="" lang="en"><span class="">Your
task is simple - you need a simple control of access to the
Internet, for servers, without any caching.</span> <span
class="">Squid here is excessive, moreover, in your
configuration it gives an excessive overhead.</span></span></p>
<p><span id="result_box" class="" lang="en"><span class="">You not
requires advanced requests processing, SSL bumping, content
adaptation, AV real-time checking, advanced caching, content
compression - am I right yet?</span></span></p>
<p><span id="result_box" class="" lang="en"><span class="">So,
firewall is enough.<br>
</span></span></p>
<br>
<div class="moz-cite-prefix">23.03.2018 05:11, Yuri пишет:<br>
</div>
<blockquote type="cite"
cite="mid:07541384-9f4b-1d2b-3905-661cefa618ac@gmail.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">23.03.2018 05:08, Keith Hartley
пишет:<br>
</div>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.gt-baf-word-clickable
{mso-style-name:gt-baf-word-clickable;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">I don’t
need it to cache anything – the goal of it is not
performance optimization, it is to provide restricted
access to the internet. I have 1200 Mbps of network i/o
available to the squid servers and can confirm I am able
to reliably achieve at least 800 Mbps when I download
something directly on the squid server. Additionally, it
would be extremely rare that the same file ever would
get downloaded more than once, if it ever actually
happens.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">By
policy none of the servers may have direct internet
access. This is to protect the data contained in the
environment. Only one 4 bit subnet has internet access,
where the squids are located, and 8 of the 45 servers
need restricted internet access.</span></p>
</div>
</blockquote>
Now your protects nothing. You don't have any advanced ACLs in
your config.<br>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">This
config is complete at least in a base configuration. If
I have time in the project I am going to add URI
restrictions. The 8 servers will only need to get to
about 30-40 static URIs in total and want to block the
others, but first I need to get the throughput up.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">I have
800 Mbps minimum available bandwidth to the squid
servers that I can confirm is available in download
tests from the squids. I have 1200 Mbps (these are Azure
virtual machines) of bandwidth available in both
directions between the servers that use the squids and
the squids.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">However
on large files I am only getting 115 Kbps sustained
download speeds.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Now if
squid needs to be able to buffer the downloads to cache
in order to perform well – I could enable caching if
that is the case, but would prefer to not cache
anything. I very seriously doubt that I will ever
download the same file two times in this environment as
the only thing being downloaded is software updates that
are centrally distributed from WSUS, and antivirus
definitions that are released about 6-10 times per day.
Most of the traffic is also https, with very little
http.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Is it
the case that I may see better performance if I
configure it to cache the files first before sending it
to clients?</span></p>
</div>
</blockquote>
Nothing above can not be solved by trivial border firewall.<br>
<br>
Just imagine - now you have useless server which not buffers
network IO.<br>
<br>
Ideally just drop it. And setup border firewall. This solves all
of your problems.<br>
<br>
Squid's (especially Windows Squid) is not appropriate tool here.<br>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:windowtext"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:windowtext">Keith
Hartley<o:p></o:p></span></b></p>
<p class="MsoNormal"><i><span style="color:windowtext">Network
Engineer II<o:p></o:p></span></i></p>
<p class="MsoNormal"><a href="mailto:khartley@geocent.com"
moz-do-not-send="true">khartley@geocent.com</a><span
style="color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><a href="http://www.geocent.com"
moz-do-not-send="true">www.geocent.com</a><span
style="color:windowtext"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> squid-users [<a
class="moz-txt-link-freetext"
href="mailto:squid-users-bounces@lists.squid-cache.org"
moz-do-not-send="true">mailto:squid-users-bounces@lists.squid-cache.org</a>]
<b>On Behalf Of </b>Yuri<br>
<b>Sent:</b> Thursday, March 22, 2018 5:39 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated"
href="mailto:squid-users@lists.squid-cache.org"
moz-do-not-send="true">squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> Re: [squid-users] Squid for windows
Very slow downloads of large files through squid
with normal uploads<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">22.03.2018 23:10, Keith Hartley
пишет:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">I am using squid 3.5 for windows as a
transparent proxy to provide internet access to 7
servers in a secure environment that otherwise does not
have internet access. I have two squids running behind a
load balancer, each one is running server 2016 core with
2 Xeon processors that is either haswell generation with
1:1 physical processor to virtual processor mapping or a
hyper-threading Broadwell generation processor that is
1:1 logical processor to virtual processor mapping,
depending on how they are provisioned when they get
started.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Doing a bandwidth test directly in
the VM I am able to get internet throughput of 800-1200
Mbps.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Doing a file copy to and from the VM
I am able to get 1200 Mbps lan throughput.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In proxied uploads I have observed
speeds as high as 120 Mbps, which is more than enough
for what I need and the bottleneck is likely in the
backup software rather than squid. Uploads performance I
am not worried about where they are at now – even if I
only got 20-30 Mbps it would be adequate for what I need
it for.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Downloads however are very slow.
Small files do not seem to be impacted. Using the test a
thinkbroadband.com/download, files up to 20 Mb will
download at a reasonable 20-30 Mbps, but when I get to
50, it slows down to about 17 Mbps, and when I download
AD Connect from Microsoft, which is about 80 Mb, I can
see it start at about 30 Mbps, but eventually goes down
to about 115 kbps and levels off. When I put an IP on
the server I am using for testing that proxies through
squid, I am able to download the file at several hundred
mbps. When I download the same file on the squid server
– I can’t tell exactly what throughput I was getting,
but the 80 Mb file downloaded within 5 seconds.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In both squid servers, other than
when the servers were booting, processor activity has
not exceeded 9% in the last 7 days but usually sits
below 2%. Memory usage has not exceeded 2 Gb, leaving 2
Gb free.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I am using OpenDNS for a DNS source,
and have tried changing DNS to level3 but it made no
performance difference.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I think that this may be squid trying
to cache something, but had tried to turn all caching
off.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My cache.log doesn’t really have
anything interesting in it that I can see. It’s the same
~30 or so log entries each time the service starts, and
that is about it. Here it is: <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Set Current
Directory to /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Starting
Squid Cache version 3.5.27 for x86_64-unknown-cygwin...<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Service
Name: squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Process ID
1164<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Process
Roles: worker<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| With 3200
file descriptors available<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1|
Initializing IP Cache...<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1|
parseEtcHosts: /etc/hosts: (2) No such file or directory<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| DNS Socket
created at [::], FD 5<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| DNS Socket
created at 0.0.0.0, FD 6<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adding
nameserver 208.67.222.222 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adding
nameserver 208.67.220.220 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Logfile:
opening log daemon:/var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Logfile
Daemon: opening log /var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| WARNING:
no_suid: setuid(0): (22) Invalid argument<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Store
logging disabled<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Swap
maxSize 0 + 262144 KB, estimated 20164 objects<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Target
number of buckets: 1008<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Using 8192
Store buckets<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Max Mem
size: 262144 KB<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Max Swap
size: 0 KB<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Using Least
Load store dir selection<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Set Current
Directory to /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Finished
loading MIME types and icons.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| HTCP
Disabled.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Squid
plugin modules loaded: 0<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adaptation
support is off.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Accepting
HTTP Socket connections at local=[::]:3128 remote=[::]
FD 10 flags=9<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:28 kid1|
storeLateRelease: released 0 objects<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">And this is my squid.conf:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Recommended minimum configuration:<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Example rule allowing access from
your local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt to list your (internal) IP
networks from where browsing<o:p></o:p></p>
<p class="MsoNormal"># should be allowed<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#acl localnet src
10.0.0.0/8 # RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 172.16.0.0/12 #
RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 192.168.0.0/16 #
RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fc00::/7 # RFC
4193 local private network range<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fe80::/10 # RFC
4291 link-local (directly plugged) machines<o:p></o:p></p>
<p class="MsoNormal">acl WSUS src 192.168.225.4/32<o:p></o:p></p>
<p class="MsoNormal">acl BACKUP src 192.168.225.11/32<o:p></o:p></p>
<p class="MsoNormal">acl ADFS src 192.168.224.7/32<o:p></o:p></p>
<p class="MsoNormal">acl ADFS src 192.168.228.8/32<o:p></o:p></p>
<p class="MsoNormal">acl DEVWEB src 192.168.226.6/32<o:p></o:p></p>
<p class="MsoNormal">acl UATWEB src 192.168.226.13/32<o:p></o:p></p>
<p class="MsoNormal">acl PRDWEB src 192.168.226.8/32<o:p></o:p></p>
<p class="MsoNormal">acl PRDWEB src 192.168.226.9/32<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">acl SSL_ports port 443<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port
80 # http<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
21 # ftp<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port
443 # https<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
70 # gopher<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
210 # wais<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
1025-65535 # unregistered ports<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
280 # http-mgmt<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
488 # gss-http<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
591 # filemaker<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
777 # multiling http<o:p></o:p></p>
<p class="MsoNormal">acl CONNECT method CONNECT<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Recommended minimum Access
Permission configuration:<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Only allow cachemgr access from
localhost<o:p></o:p></p>
<p class="MsoNormal">#http_access allow localhost manager<o:p></o:p></p>
<p class="MsoNormal">#http_access deny manager<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Deny requests to certain unsafe
ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny !Safe_ports<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Deny CONNECT to other than secure
SSL ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny CONNECT !SSL_ports<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># We strongly recommend the following
be uncommented to protect innocent<o:p></o:p></p>
<p class="MsoNormal"># web applications running on the
proxy server who think the only<o:p></o:p></p>
<p class="MsoNormal"># one who can access services on
"localhost" is a local user<o:p></o:p></p>
<p class="MsoNormal">#http_access deny to_localhost<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># INSERT YOUR OWN RULE(S) HERE TO
ALLOW ACCESS FROM YOUR CLIENTS<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Example rule allowing access from
your local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt localnet in the ACL section
to list your (internal) IP networks<o:p></o:p></p>
<p class="MsoNormal"># from where browsing should be
allowed<o:p></o:p></p>
<p class="MsoNormal">http_access allow localnet<o:p></o:p></p>
<p class="MsoNormal">http_access allow localhost<o:p></o:p></p>
<p class="MsoNormal">http_access allow WSUS<o:p></o:p></p>
<p class="MsoNormal">http_access allow ADFS<o:p></o:p></p>
<p class="MsoNormal">http_access allow BACKUP<o:p></o:p></p>
<p class="MsoNormal">http_access allow DEVWEB<o:p></o:p></p>
<p class="MsoNormal">http_access allow UATWEB<o:p></o:p></p>
<p class="MsoNormal">http_access allow PRDWEB<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># And finally deny all other access
to this proxy<o:p></o:p></p>
<p class="MsoNormal">http_access deny all<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Squid normally listens to port 3128<o:p></o:p></p>
<p class="MsoNormal">http_port 3128<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Uncomment the line below to enable
disk caching - path format is /cygdrive/<full path to
cache folder>, i.e.<o:p></o:p></p>
<p class="MsoNormal">#cache_dir aufs
/cygdrive/d/squid/cache 3000 16 256<o:p></o:p></p>
<p class="MsoNormal">cache deny all<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Leave coredumps in the first cache
dir<o:p></o:p></p>
<p class="MsoNormal">coredump_dir /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Add any of your own refresh_pattern
entries above these.<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern
^ftp: 1440 20% 10080<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern ^gopher:
1440 0% 1440<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern -i (/cgi-bin/|\?)
0 0% 0<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern
. 0 20%
4320<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">dns_nameservers 208.67.222.222
208.67.220.220<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">max_filedescriptors 3200<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Does anyone see anything I am missing
here?<o:p></o:p></p>
</blockquote>
<p class="MsoNormal">Yes. In your almost default
configuration (it is complete squid.conf?) obvious thing
is:<br>
<br>
a) You do not use on-disk cache.<br>
b) You use memory cache by default - i.e. 256 Mb. <br>
c) You cache nothing due to deny all cache. So, it makes
useless cache_mem default.<br>
d) Your configuration technically useless. I see neither
proxying parameters, nor caching. Your squid now only
additional hop for files. No more.<br>
<br>
So, squid nothing to do here. It simple should retransmit
GET (GET?) request to server, and, without any
caching/storing, retransmit it to user.<br>
<br>
Still correct?<br>
<br>
This put us directly to raw network IO. Without any
buffering (which can be - but don't - your squid).<br>
<br>
On your place, I can start playing around with cache_mem
parameter; of course, only after removing cache deny all.<br>
<br>
And after some experiments, may be, will make <span
class="gt-baf-word-clickable"> decision</span> about
drop out useless Squid's box.<br>
<br>
Seriously, what role of squid's here? Just setup border
firewall to your servers to access it to Internet. It will
be enough.<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My access.log doesn’t really have
anything interesting in it either, it just looks like it
is working normally. I can attach that too if anyone
wants to look at it after I redact some of the hosts.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:#0072BE">Keith Hartley</span></b><o:p></o:p></p>
<p class="MsoNormal"><i>Network Engineer II</i><o:p></o:p></p>
<p class="MsoNormal"><i>MCSE: Productivity, MCSA: Server
2008, 2012, Office 365 </i> |<o:p></o:p></p>
<p class="MsoNormal"><i>Certified Meraki Network
Associate, Security+</i><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt">Geocent,
LLC</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">o:</span></b><span
style="color:#8BC541"> </span>504-405-3578<o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">a:</span></b><span
style="color:#8BC541"> </span>2219 Lakeshore drive
Ste 300, New Orleans, LA 70122<o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">w:</span></b><span
style="color:#8BC541"> </span><a
href="http://www.geocent.com/" moz-do-not-send="true">www.geocent.com</a>|<b><span
style="color:#8BC541"> e:</span></b><span
style="color:#8BC541"> </span><a
href="mailto:khartley@geocent.com"
moz-do-not-send="true">khartley@geocent.com</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><b><i><u><span
style="font-size:8.0pt">Confidentiality
Notice:<o:p></o:p></span></u></i></b></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:6.0pt">This
email communication may contain confidential
information, may be legally privileged, and is
intended only for the use of the intended
recipients(s) identified. Any unauthorized review,
use, distribution, downloading, or copying of this
communication is strictly prohibited. If you are not
the intended recipient and have received this
message in error, immediately notify the sender by
reply email, delete the communication, and destroy
all copies. Thank you.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>squid-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:squid-users@lists.squid-cache.org" moz-do-not-send="true">squid-users@lists.squid-cache.org</a><o:p></o:p></pre>
<pre><a href="http://lists.squid-cache.org/listinfo/squid-users" moz-do-not-send="true">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>"C++ seems like a language suitable for firing other people's legs."<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>*****************************<o:p></o:p></pre>
<pre>* C++20 : Bug to the future *<o:p></o:p></pre>
<pre>*****************************<o:p></o:p></pre>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************</pre>
</body>
</html>