Indunil Jayasooriya wrote:
> Hi ,
>
> my squid box became quite slow after adding ACLs. they use ncsa_auth.
> belwo are a few Acls.
>
>
> # These IPs have access to sites given in ACL paxarusers with password
> acl paxarusers src 172.23.1.86
> acl dstallowed4paxarusers dstdomain .paxaronline.com .dhl.com .dhl.com.lk
> acl ncsa_users proxy_auth required
> http_access allow paxarusers dstallowed4paxarusers ncsa_users
> http_access deny paxarusers
>
> # These IPS have access to sites given in ACL shipping with password
> acl shipping src 172.23.1.73 172.23.1.88 172.23.1.95
> acl dstallowed4shipping dstdomain .apl.com .hanjin.com .maersk.com
> .mpower-shipper.com .tradecard.com .onlanka.com .dhl.com .
> dhl.com.lk .wde.eserviceslanka.com .corporate.ndbbank.com .hsbcnet.com .slpa.lk
> acl ncsa_users proxy_auth required
> http_access allow shipping dstallowed4shipping ncsa_users
> http_access deny shipping
>
> # These IPS have access to sites given in ACL Nike with password
> acl nike src 172.23.3.13 172.23.3.36 172.23.1.79 172.23.3.61
> 172.23.1.35 172.23.1.174 172.23.1.38 172.23.1.104
> acl dstallowed4nike dstdomain .george.tactivity.com .nike.com
> .nikeconnect.com .google.com .google.lk .dhl.com .dhl.com.lk .a
> verydennison.com
> acl ncsa_users proxy_auth required
> http_access allow nike dstallowed4nike ncsa_users
> http_access deny nike
>
> #these have FULL ACCESS without password
> acl mynet src 172.23.0.0/255.255.0.0
> http_access allow mynet
>
> Is it because of the above ACls.
>
> Any advice is expected.
define 'slow'. 10MB/sec? 15sec/page? :-)
Maybe indirectly, and most visible with the ACLs.
Auth is often slowed, by congestion on the network between squid and the
auth server. Or slow helper. Lag between the client and squid on 407
messages. Or slow auth server software (usually seen with samba capping
out).
You will need to find a trace of whats being done when its 'slow' and
start looking for factors which might cause it.
Amos
-- Please use Squid 2.7.STABLE3 or 3.0.STABLE8Received on Mon Aug 11 2008 - 13:19:16 MDT
This archive was generated by hypermail 2.2.0 : Mon Aug 11 2008 - 12:00:02 MDT