<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><span id="result_box" class="" lang="en"><span class="">Your task
is simple - you need a simple control of access to the
Internet, for servers, without any caching.</span> <span
class="">Squid here is excessive, moreover, in your
configuration it gives an excessive overhead.</span></span></p>
<p><span id="result_box" class="" lang="en"><span class="">You not
requires advanced requests processing, SSL bumping, content
adaptation, AV real-time checking, advanced caching, content
compression - am I right yet?</span></span></p>
<p><span id="result_box" class="" lang="en"><span class="">So,
firewall is enough.<br>
</span></span></p>
<br>
<div class="moz-cite-prefix">23.03.2018 05:11, Yuri пишет:<br>
</div>
<blockquote type="cite"
cite="mid:07541384-9f4b-1d2b-3905-661cefa618ac@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">23.03.2018 05:08, Keith Hartley
пишет:<br>
</div>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.gt-baf-word-clickable
{mso-style-name:gt-baf-word-clickable;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">I don’t
need it to cache anything – the goal of it is not
performance optimization, it is to provide restricted
access to the internet. I have 1200 Mbps of network i/o
available to the squid servers and can confirm I am able
to reliably achieve at least 800 Mbps when I download
something directly on the squid server. Additionally, it
would be extremely rare that the same file ever would get
downloaded more than once, if it ever actually happens.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">By policy
none of the servers may have direct internet access. This
is to protect the data contained in the environment. Only
one 4 bit subnet has internet access, where the squids are
located, and 8 of the 45 servers need restricted internet
access.</span></p>
</div>
</blockquote>
Now your protects nothing. You don't have any advanced ACLs in
your config.<br>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">This
config is complete at least in a base configuration. If I
have time in the project I am going to add URI
restrictions. The 8 servers will only need to get to about
30-40 static URIs in total and want to block the others,
but first I need to get the throughput up.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">I have 800
Mbps minimum available bandwidth to the squid servers that
I can confirm is available in download tests from the
squids. I have 1200 Mbps (these are Azure virtual
machines) of bandwidth available in both directions
between the servers that use the squids and the squids.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">However on
large files I am only getting 115 Kbps sustained download
speeds.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Now if
squid needs to be able to buffer the downloads to cache in
order to perform well – I could enable caching if that is
the case, but would prefer to not cache anything. I very
seriously doubt that I will ever download the same file
two times in this environment as the only thing being
downloaded is software updates that are centrally
distributed from WSUS, and antivirus definitions that are
released about 6-10 times per day. Most of the traffic is
also https, with very little http.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Is it the
case that I may see better performance if I configure it
to cache the files first before sending it to clients?</span></p>
</div>
</blockquote>
Nothing above can not be solved by trivial border firewall.<br>
<br>
Just imagine - now you have useless server which not buffers
network IO.<br>
<br>
Ideally just drop it. And setup border firewall. This solves all
of your problems.<br>
<br>
Squid's (especially Windows Squid) is not appropriate tool here.<br>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:windowtext"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:windowtext">Keith
Hartley<o:p></o:p></span></b></p>
<p class="MsoNormal"><i><span style="color:windowtext">Network
Engineer II<o:p></o:p></span></i></p>
<p class="MsoNormal"><a href="mailto:khartley@geocent.com"
moz-do-not-send="true">khartley@geocent.com</a><span
style="color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><a href="http://www.geocent.com"
moz-do-not-send="true">www.geocent.com</a><span
style="color:windowtext"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> squid-users [<a
class="moz-txt-link-freetext"
href="mailto:squid-users-bounces@lists.squid-cache.org"
moz-do-not-send="true">mailto:squid-users-bounces@lists.squid-cache.org</a>]
<b>On Behalf Of </b>Yuri<br>
<b>Sent:</b> Thursday, March 22, 2018 5:39 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated"
href="mailto:squid-users@lists.squid-cache.org"
moz-do-not-send="true">squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> Re: [squid-users] Squid for windows
Very slow downloads of large files through squid with
normal uploads<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">22.03.2018 23:10, Keith Hartley пишет:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">I am using squid 3.5 for windows as a
transparent proxy to provide internet access to 7 servers
in a secure environment that otherwise does not have
internet access. I have two squids running behind a load
balancer, each one is running server 2016 core with 2 Xeon
processors that is either haswell generation with 1:1
physical processor to virtual processor mapping or a
hyper-threading Broadwell generation processor that is 1:1
logical processor to virtual processor mapping, depending
on how they are provisioned when they get started.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Doing a bandwidth test directly in the
VM I am able to get internet throughput of 800-1200 Mbps.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Doing a file copy to and from the VM I
am able to get 1200 Mbps lan throughput.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In proxied uploads I have observed
speeds as high as 120 Mbps, which is more than enough for
what I need and the bottleneck is likely in the backup
software rather than squid. Uploads performance I am not
worried about where they are at now – even if I only got
20-30 Mbps it would be adequate for what I need it for.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Downloads however are very slow. Small
files do not seem to be impacted. Using the test a
thinkbroadband.com/download, files up to 20 Mb will
download at a reasonable 20-30 Mbps, but when I get to 50,
it slows down to about 17 Mbps, and when I download AD
Connect from Microsoft, which is about 80 Mb, I can see it
start at about 30 Mbps, but eventually goes down to about
115 kbps and levels off. When I put an IP on the server I
am using for testing that proxies through squid, I am able
to download the file at several hundred mbps. When I
download the same file on the squid server – I can’t tell
exactly what throughput I was getting, but the 80 Mb file
downloaded within 5 seconds.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In both squid servers, other than when
the servers were booting, processor activity has not
exceeded 9% in the last 7 days but usually sits below 2%.
Memory usage has not exceeded 2 Gb, leaving 2 Gb free.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I am using OpenDNS for a DNS source,
and have tried changing DNS to level3 but it made no
performance difference.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I think that this may be squid trying
to cache something, but had tried to turn all caching off.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My cache.log doesn’t really have
anything interesting in it that I can see. It’s the same
~30 or so log entries each time the service starts, and
that is about it. Here it is: <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Set Current
Directory to /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Starting
Squid Cache version 3.5.27 for x86_64-unknown-cygwin...<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Service Name:
squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Process ID
1164<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Process
Roles: worker<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| With 3200
file descriptors available<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Initializing
IP Cache...<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1|
parseEtcHosts: /etc/hosts: (2) No such file or directory<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| DNS Socket
created at [::], FD 5<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| DNS Socket
created at 0.0.0.0, FD 6<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adding
nameserver 208.67.222.222 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adding
nameserver 208.67.220.220 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Logfile:
opening log daemon:/var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Logfile
Daemon: opening log /var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| WARNING:
no_suid: setuid(0): (22) Invalid argument<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Store logging
disabled<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Swap maxSize
0 + 262144 KB, estimated 20164 objects<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Target number
of buckets: 1008<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Using 8192
Store buckets<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Max Mem
size: 262144 KB<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Max Swap
size: 0 KB<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Using Least
Load store dir selection<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Set Current
Directory to /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Finished
loading MIME types and icons.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| HTCP
Disabled.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Squid plugin
modules loaded: 0<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adaptation
support is off.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Accepting
HTTP Socket connections at local=[::]:3128 remote=[::] FD
10 flags=9<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:28 kid1|
storeLateRelease: released 0 objects<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">And this is my squid.conf:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Recommended minimum configuration:<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Example rule allowing access from
your local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt to list your (internal) IP
networks from where browsing<o:p></o:p></p>
<p class="MsoNormal"># should be allowed<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 10.0.0.0/8
# RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 172.16.0.0/12 #
RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 192.168.0.0/16 #
RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fc00::/7 # RFC
4193 local private network range<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fe80::/10 # RFC
4291 link-local (directly plugged) machines<o:p></o:p></p>
<p class="MsoNormal">acl WSUS src 192.168.225.4/32<o:p></o:p></p>
<p class="MsoNormal">acl BACKUP src 192.168.225.11/32<o:p></o:p></p>
<p class="MsoNormal">acl ADFS src 192.168.224.7/32<o:p></o:p></p>
<p class="MsoNormal">acl ADFS src 192.168.228.8/32<o:p></o:p></p>
<p class="MsoNormal">acl DEVWEB src 192.168.226.6/32<o:p></o:p></p>
<p class="MsoNormal">acl UATWEB src 192.168.226.13/32<o:p></o:p></p>
<p class="MsoNormal">acl PRDWEB src 192.168.226.8/32<o:p></o:p></p>
<p class="MsoNormal">acl PRDWEB src 192.168.226.9/32<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">acl SSL_ports port 443<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port
80 # http<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
21 # ftp<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port
443 # https<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
70 # gopher<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
210 # wais<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
1025-65535 # unregistered ports<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
280 # http-mgmt<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
488 # gss-http<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
591 # filemaker<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
777 # multiling http<o:p></o:p></p>
<p class="MsoNormal">acl CONNECT method CONNECT<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Recommended minimum Access Permission
configuration:<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Only allow cachemgr access from
localhost<o:p></o:p></p>
<p class="MsoNormal">#http_access allow localhost manager<o:p></o:p></p>
<p class="MsoNormal">#http_access deny manager<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Deny requests to certain unsafe ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny !Safe_ports<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Deny CONNECT to other than secure SSL
ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny CONNECT !SSL_ports<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># We strongly recommend the following
be uncommented to protect innocent<o:p></o:p></p>
<p class="MsoNormal"># web applications running on the proxy
server who think the only<o:p></o:p></p>
<p class="MsoNormal"># one who can access services on
"localhost" is a local user<o:p></o:p></p>
<p class="MsoNormal">#http_access deny to_localhost<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># INSERT YOUR OWN RULE(S) HERE TO ALLOW
ACCESS FROM YOUR CLIENTS<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Example rule allowing access from
your local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt localnet in the ACL section to
list your (internal) IP networks<o:p></o:p></p>
<p class="MsoNormal"># from where browsing should be allowed<o:p></o:p></p>
<p class="MsoNormal">http_access allow localnet<o:p></o:p></p>
<p class="MsoNormal">http_access allow localhost<o:p></o:p></p>
<p class="MsoNormal">http_access allow WSUS<o:p></o:p></p>
<p class="MsoNormal">http_access allow ADFS<o:p></o:p></p>
<p class="MsoNormal">http_access allow BACKUP<o:p></o:p></p>
<p class="MsoNormal">http_access allow DEVWEB<o:p></o:p></p>
<p class="MsoNormal">http_access allow UATWEB<o:p></o:p></p>
<p class="MsoNormal">http_access allow PRDWEB<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># And finally deny all other access to
this proxy<o:p></o:p></p>
<p class="MsoNormal">http_access deny all<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Squid normally listens to port 3128<o:p></o:p></p>
<p class="MsoNormal">http_port 3128<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Uncomment the line below to enable
disk caching - path format is /cygdrive/<full path to
cache folder>, i.e.<o:p></o:p></p>
<p class="MsoNormal">#cache_dir aufs /cygdrive/d/squid/cache
3000 16 256<o:p></o:p></p>
<p class="MsoNormal">cache deny all<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Leave coredumps in the first cache
dir<o:p></o:p></p>
<p class="MsoNormal">coredump_dir /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Add any of your own refresh_pattern
entries above these.<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern
^ftp: 1440 20% 10080<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern ^gopher:
1440 0% 1440<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern -i (/cgi-bin/|\?)
0 0% 0<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern
. 0 20%
4320<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">dns_nameservers 208.67.222.222
208.67.220.220<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">max_filedescriptors 3200<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Does anyone see anything I am missing
here?<o:p></o:p></p>
</blockquote>
<p class="MsoNormal">Yes. In your almost default configuration
(it is complete squid.conf?) obvious thing is:<br>
<br>
a) You do not use on-disk cache.<br>
b) You use memory cache by default - i.e. 256 Mb. <br>
c) You cache nothing due to deny all cache. So, it makes
useless cache_mem default.<br>
d) Your configuration technically useless. I see neither
proxying parameters, nor caching. Your squid now only
additional hop for files. No more.<br>
<br>
So, squid nothing to do here. It simple should retransmit
GET (GET?) request to server, and, without any
caching/storing, retransmit it to user.<br>
<br>
Still correct?<br>
<br>
This put us directly to raw network IO. Without any
buffering (which can be - but don't - your squid).<br>
<br>
On your place, I can start playing around with cache_mem
parameter; of course, only after removing cache deny all.<br>
<br>
And after some experiments, may be, will make <span
class="gt-baf-word-clickable"> decision</span> about drop
out useless Squid's box.<br>
<br>
Seriously, what role of squid's here? Just setup border
firewall to your servers to access it to Internet. It will
be enough.<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My access.log doesn’t really have
anything interesting in it either, it just looks like it
is working normally. I can attach that too if anyone wants
to look at it after I redact some of the hosts.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:#0072BE">Keith Hartley</span></b><o:p></o:p></p>
<p class="MsoNormal"><i>Network Engineer II</i><o:p></o:p></p>
<p class="MsoNormal"><i>MCSE: Productivity, MCSA: Server
2008, 2012, Office 365 </i> |<o:p></o:p></p>
<p class="MsoNormal"><i>Certified Meraki Network Associate,
Security+</i><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt">Geocent,
LLC</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">o:</span></b><span
style="color:#8BC541"> </span>504-405-3578<o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">a:</span></b><span
style="color:#8BC541"> </span>2219 Lakeshore drive Ste
300, New Orleans, LA 70122<o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">w:</span></b><span
style="color:#8BC541"> </span><a
href="http://www.geocent.com/" moz-do-not-send="true">www.geocent.com</a>|<b><span
style="color:#8BC541"> e:</span></b><span
style="color:#8BC541"> </span><a
href="mailto:khartley@geocent.com"
moz-do-not-send="true">khartley@geocent.com</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><b><i><u><span
style="font-size:8.0pt">Confidentiality Notice:<o:p></o:p></span></u></i></b></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:6.0pt">This
email communication may contain confidential
information, may be legally privileged, and is
intended only for the use of the intended
recipients(s) identified. Any unauthorized review,
use, distribution, downloading, or copying of this
communication is strictly prohibited. If you are not
the intended recipient and have received this message
in error, immediately notify the sender by reply
email, delete the communication, and destroy all
copies. Thank you.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>squid-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:squid-users@lists.squid-cache.org" moz-do-not-send="true">squid-users@lists.squid-cache.org</a><o:p></o:p></pre>
<pre><a href="http://lists.squid-cache.org/listinfo/squid-users" moz-do-not-send="true">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>"C++ seems like a language suitable for firing other people's legs."<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>*****************************<o:p></o:p></pre>
<pre>* C++20 : Bug to the future *<o:p></o:p></pre>
<pre>*****************************<o:p></o:p></pre>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************</pre>
</body>
</html>