<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">23.03.2018 05:08, Keith Hartley пишет:<br>
</div>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.gt-baf-word-clickable
{mso-style-name:gt-baf-word-clickable;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext">I don’t need
it to cache anything – the goal of it is not performance
optimization, it is to provide restricted access to the
internet. I have 1200 Mbps of network i/o available to the
squid servers and can confirm I am able to reliably achieve
at least 800 Mbps when I download something directly on the
squid server. Additionally, it would be extremely rare that
the same file ever would get downloaded more than once, if
it ever actually happens.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">By policy
none of the servers may have direct internet access. This is
to protect the data contained in the environment. Only one 4
bit subnet has internet access, where the squids are
located, and 8 of the 45 servers need restricted internet
access.</span></p>
</div>
</blockquote>
Now your protects nothing. You don't have any advanced ACLs in your
config.<br>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">This config
is complete at least in a base configuration. If I have time
in the project I am going to add URI restrictions. The 8
servers will only need to get to about 30-40 static URIs in
total and want to block the others, but first I need to get
the throughput up.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">I have 800
Mbps minimum available bandwidth to the squid servers that I
can confirm is available in download tests from the squids.
I have 1200 Mbps (these are Azure virtual machines) of
bandwidth available in both directions between the servers
that use the squids and the squids.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">However on
large files I am only getting 115 Kbps sustained download
speeds.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Now if squid
needs to be able to buffer the downloads to cache in order
to perform well – I could enable caching if that is the
case, but would prefer to not cache anything. I very
seriously doubt that I will ever download the same file two
times in this environment as the only thing being downloaded
is software updates that are centrally distributed from
WSUS, and antivirus definitions that are released about 6-10
times per day. Most of the traffic is also https, with very
little http.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">Is it the
case that I may see better performance if I configure it to
cache the files first before sending it to clients?</span></p>
</div>
</blockquote>
Nothing above can not be solved by trivial border firewall.<br>
<br>
Just imagine - now you have useless server which not buffers network
IO.<br>
<br>
Ideally just drop it. And setup border firewall. This solves all of
your problems.<br>
<br>
Squid's (especially Windows Squid) is not appropriate tool here.<br>
<blockquote type="cite"
cite="mid:SN1PR06MB175846A00C2B8602EB816BADEEA90@SN1PR06MB1758.namprd06.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:windowtext"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:windowtext">Keith Hartley<o:p></o:p></span></b></p>
<p class="MsoNormal"><i><span style="color:windowtext">Network
Engineer II<o:p></o:p></span></i></p>
<p class="MsoNormal"><a href="mailto:khartley@geocent.com"
moz-do-not-send="true">khartley@geocent.com</a><span
style="color:windowtext"><o:p></o:p></span></p>
<p class="MsoNormal"><a href="http://www.geocent.com"
moz-do-not-send="true">www.geocent.com</a><span
style="color:windowtext"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> squid-users
[<a class="moz-txt-link-freetext" href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>]
<b>On Behalf Of </b>Yuri<br>
<b>Sent:</b> Thursday, March 22, 2018 5:39 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> Re: [squid-users] Squid for windows Very
slow downloads of large files through squid with normal
uploads<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">22.03.2018 23:10, Keith Hartley пишет:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">I am using squid 3.5 for windows as a
transparent proxy to provide internet access to 7 servers in
a secure environment that otherwise does not have internet
access. I have two squids running behind a load balancer,
each one is running server 2016 core with 2 Xeon processors
that is either haswell generation with 1:1 physical
processor to virtual processor mapping or a hyper-threading
Broadwell generation processor that is 1:1 logical processor
to virtual processor mapping, depending on how they are
provisioned when they get started.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Doing a bandwidth test directly in the VM
I am able to get internet throughput of 800-1200 Mbps.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Doing a file copy to and from the VM I am
able to get 1200 Mbps lan throughput.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In proxied uploads I have observed speeds
as high as 120 Mbps, which is more than enough for what I
need and the bottleneck is likely in the backup software
rather than squid. Uploads performance I am not worried
about where they are at now – even if I only got 20-30 Mbps
it would be adequate for what I need it for.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Downloads however are very slow. Small
files do not seem to be impacted. Using the test a
thinkbroadband.com/download, files up to 20 Mb will download
at a reasonable 20-30 Mbps, but when I get to 50, it slows
down to about 17 Mbps, and when I download AD Connect from
Microsoft, which is about 80 Mb, I can see it start at about
30 Mbps, but eventually goes down to about 115 kbps and
levels off. When I put an IP on the server I am using for
testing that proxies through squid, I am able to download
the file at several hundred mbps. When I download the same
file on the squid server – I can’t tell exactly what
throughput I was getting, but the 80 Mb file downloaded
within 5 seconds.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In both squid servers, other than when
the servers were booting, processor activity has not
exceeded 9% in the last 7 days but usually sits below 2%.
Memory usage has not exceeded 2 Gb, leaving 2 Gb free.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I am using OpenDNS for a DNS source, and
have tried changing DNS to level3 but it made no performance
difference.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I think that this may be squid trying to
cache something, but had tried to turn all caching off.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My cache.log doesn’t really have anything
interesting in it that I can see. It’s the same ~30 or so
log entries each time the service starts, and that is about
it. Here it is:
<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Set Current
Directory to /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Starting Squid
Cache version 3.5.27 for x86_64-unknown-cygwin...<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Service Name:
squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Process ID 1164<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Process Roles:
worker<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| With 3200 file
descriptors available<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Initializing IP
Cache...<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| parseEtcHosts:
/etc/hosts: (2) No such file or directory<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| DNS Socket
created at [::], FD 5<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| DNS Socket
created at 0.0.0.0, FD 6<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adding
nameserver 208.67.222.222 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adding
nameserver 208.67.220.220 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Logfile:
opening log daemon:/var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Logfile Daemon:
opening log /var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| WARNING:
no_suid: setuid(0): (22) Invalid argument<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Store logging
disabled<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Swap maxSize 0
+ 262144 KB, estimated 20164 objects<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Target number
of buckets: 1008<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Using 8192
Store buckets<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Max Mem size:
262144 KB<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Max Swap size:
0 KB<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Using Least
Load store dir selection<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Set Current
Directory to /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Finished
loading MIME types and icons.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| HTCP Disabled.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Squid plugin
modules loaded: 0<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Adaptation
support is off.<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:27 kid1| Accepting HTTP
Socket connections at local=[::]:3128 remote=[::] FD 10
flags=9<o:p></o:p></p>
<p class="MsoNormal">2018/03/22 09:47:28 kid1|
storeLateRelease: released 0 objects<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">And this is my squid.conf:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Recommended minimum configuration:<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Example rule allowing access from your
local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt to list your (internal) IP
networks from where browsing<o:p></o:p></p>
<p class="MsoNormal"># should be allowed<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 10.0.0.0/8 #
RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 172.16.0.0/12 #
RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 192.168.0.0/16 #
RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fc00::/7 # RFC
4193 local private network range<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fe80::/10 # RFC
4291 link-local (directly plugged) machines<o:p></o:p></p>
<p class="MsoNormal">acl WSUS src 192.168.225.4/32<o:p></o:p></p>
<p class="MsoNormal">acl BACKUP src 192.168.225.11/32<o:p></o:p></p>
<p class="MsoNormal">acl ADFS src 192.168.224.7/32<o:p></o:p></p>
<p class="MsoNormal">acl ADFS src 192.168.228.8/32<o:p></o:p></p>
<p class="MsoNormal">acl DEVWEB src 192.168.226.6/32<o:p></o:p></p>
<p class="MsoNormal">acl UATWEB src 192.168.226.13/32<o:p></o:p></p>
<p class="MsoNormal">acl PRDWEB src 192.168.226.8/32<o:p></o:p></p>
<p class="MsoNormal">acl PRDWEB src 192.168.226.9/32<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">acl SSL_ports port 443<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 80
# http<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port 21
# ftp<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 443
# https<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port 70
# gopher<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
210 # wais<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
1025-65535 # unregistered ports<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
280 # http-mgmt<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
488 # gss-http<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
591 # filemaker<o:p></o:p></p>
<p class="MsoNormal">#acl Safe_ports port
777 # multiling http<o:p></o:p></p>
<p class="MsoNormal">acl CONNECT method CONNECT<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Recommended minimum Access Permission
configuration:<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Only allow cachemgr access from
localhost<o:p></o:p></p>
<p class="MsoNormal">#http_access allow localhost manager<o:p></o:p></p>
<p class="MsoNormal">#http_access deny manager<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Deny requests to certain unsafe ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny !Safe_ports<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Deny CONNECT to other than secure SSL
ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny CONNECT !SSL_ports<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># We strongly recommend the following be
uncommented to protect innocent<o:p></o:p></p>
<p class="MsoNormal"># web applications running on the proxy
server who think the only<o:p></o:p></p>
<p class="MsoNormal"># one who can access services on
"localhost" is a local user<o:p></o:p></p>
<p class="MsoNormal">#http_access deny to_localhost<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># INSERT YOUR OWN RULE(S) HERE TO ALLOW
ACCESS FROM YOUR CLIENTS<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Example rule allowing access from your
local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt localnet in the ACL section to
list your (internal) IP networks<o:p></o:p></p>
<p class="MsoNormal"># from where browsing should be allowed<o:p></o:p></p>
<p class="MsoNormal">http_access allow localnet<o:p></o:p></p>
<p class="MsoNormal">http_access allow localhost<o:p></o:p></p>
<p class="MsoNormal">http_access allow WSUS<o:p></o:p></p>
<p class="MsoNormal">http_access allow ADFS<o:p></o:p></p>
<p class="MsoNormal">http_access allow BACKUP<o:p></o:p></p>
<p class="MsoNormal">http_access allow DEVWEB<o:p></o:p></p>
<p class="MsoNormal">http_access allow UATWEB<o:p></o:p></p>
<p class="MsoNormal">http_access allow PRDWEB<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># And finally deny all other access to
this proxy<o:p></o:p></p>
<p class="MsoNormal">http_access deny all<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Squid normally listens to port 3128<o:p></o:p></p>
<p class="MsoNormal">http_port 3128<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Uncomment the line below to enable disk
caching - path format is /cygdrive/<full path to cache
folder>, i.e.<o:p></o:p></p>
<p class="MsoNormal">#cache_dir aufs /cygdrive/d/squid/cache
3000 16 256<o:p></o:p></p>
<p class="MsoNormal">cache deny all<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Leave coredumps in the first cache dir<o:p></o:p></p>
<p class="MsoNormal">coredump_dir /var/cache/squid<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># Add any of your own refresh_pattern
entries above these.<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern ^ftp:
1440 20% 10080<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern ^gopher:
1440 0% 1440<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern -i (/cgi-bin/|\?)
0 0% 0<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern
. 0 20% 4320<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">dns_nameservers 208.67.222.222
208.67.220.220<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">max_filedescriptors 3200<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Does anyone see anything I am missing
here?<o:p></o:p></p>
</blockquote>
<p class="MsoNormal">Yes. In your almost default configuration
(it is complete squid.conf?) obvious thing is:<br>
<br>
a) You do not use on-disk cache.<br>
b) You use memory cache by default - i.e. 256 Mb. <br>
c) You cache nothing due to deny all cache. So, it makes
useless cache_mem default.<br>
d) Your configuration technically useless. I see neither
proxying parameters, nor caching. Your squid now only
additional hop for files. No more.<br>
<br>
So, squid nothing to do here. It simple should retransmit GET
(GET?) request to server, and, without any caching/storing,
retransmit it to user.<br>
<br>
Still correct?<br>
<br>
This put us directly to raw network IO. Without any buffering
(which can be - but don't - your squid).<br>
<br>
On your place, I can start playing around with cache_mem
parameter; of course, only after removing cache deny all.<br>
<br>
And after some experiments, may be, will make <span
class="gt-baf-word-clickable">
decision</span> about drop out useless Squid's box.<br>
<br>
Seriously, what role of squid's here? Just setup border
firewall to your servers to access it to Internet. It will be
enough.<br>
<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My access.log doesn’t really have
anything interesting in it either, it just looks like it is
working normally. I can attach that too if anyone wants to
look at it after I redact some of the hosts.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:#0072BE">Keith Hartley</span></b><o:p></o:p></p>
<p class="MsoNormal"><i>Network Engineer II</i><o:p></o:p></p>
<p class="MsoNormal"><i>MCSE: Productivity, MCSA: Server 2008,
2012, Office 365 </i>
|<o:p></o:p></p>
<p class="MsoNormal"><i>Certified Meraki Network Associate,
Security+</i><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt">Geocent,
LLC</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">o:</span></b><span
style="color:#8BC541">
</span>504-405-3578<o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">a:</span></b><span
style="color:#8BC541">
</span>2219 Lakeshore drive Ste 300, New Orleans, LA 70122<o:p></o:p></p>
<p class="MsoNormal"><b><span style="color:#8BC541">w:</span></b><span
style="color:#8BC541">
</span><a href="http://www.geocent.com/"
moz-do-not-send="true">www.geocent.com</a>|<b><span
style="color:#8BC541"> e:</span></b><span
style="color:#8BC541">
</span><a href="mailto:khartley@geocent.com"
moz-do-not-send="true">khartley@geocent.com</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><b><i><u><span style="font-size:8.0pt">Confidentiality
Notice:<o:p></o:p></span></u></i></b></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:6.0pt">This
email communication may contain confidential
information, may be legally privileged, and is intended
only for the use of the intended recipients(s)
identified. Any unauthorized review, use, distribution,
downloading, or copying of this communication is
strictly prohibited. If you are not the intended
recipient and have received this message in error,
immediately notify the sender by reply email, delete the
communication, and destroy all copies. Thank you.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>squid-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:squid-users@lists.squid-cache.org" moz-do-not-send="true">squid-users@lists.squid-cache.org</a><o:p></o:p></pre>
<pre><a href="http://lists.squid-cache.org/listinfo/squid-users" moz-do-not-send="true">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>"C++ seems like a language suitable for firing other people's legs."<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>*****************************<o:p></o:p></pre>
<pre>* C++20 : Bug to the future *<o:p></o:p></pre>
<pre>*****************************<o:p></o:p></pre>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************</pre>
</body>
</html>