[squid-users] Squid2.7STABLE6 with smoothwall ...

From: Asim Ahmed _at_ Folio3 <_at_>
Date: Wed, 02 Dec 2009 09:42:53 +0500

Hi,

I am using smoothwall 3.0SP1-polar that comes with Squid2.7STABLE6 built
in. I configured Squid with the following parameters. The problem is that
Squid works fine for 1 or 2 users, but when I open it for the whole subnet or
a range of IPs, it crashes down. I mean it starts behaving weirdly: most of
the time it does not respond to HTTP requests, and users have to
keep pressing F5 several times to get the request done. Even the access log
does not show any requests coming in. In the cache log I find many entries
like "Invalid request" etc. Sometimes I also find the words "Cache DIRTY"
during a restart of Squid. My ACLs are as follows:

SQUID-Settings
===========

visible_hostname smoothwall
acl localnetgreen src 192.168.4.0/255.255.255.0
http_port 192.168.4.123:800 transparent
cache_mem 1024 MB
maximum_object_size_in_memory 32 KB

cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

half_closed_clients off

cache_swap_high 100%
cache_swap_low 95%

shutdown_lifetime 5 seconds
icp_port 0

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_effective_user squid
cache_effective_group squid

pid_filename /var/run/squid.pid

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
error_directory /usr/share/errors/English
log_mime_hdrs off

forwarded_for off

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255

acl SSL_ports port 445 443 441 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # smoothwall http
acl Safe_ports port 21 # ftp
acl Safe_ports port 445 443 441 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#######################################
# ACLs #
#######################################
acl super_users src "/var/smoothwall/proxy/f3_acls/super_users.acl"
acl ISP1_users src "/var/smoothwall/proxy/f3_acls/gerrys_groups.acl"
acl ISP2_users src "/var/smoothwall/proxy/f3_acls/netsat_groups.acl"
acl managers src "/var/smoothwall/proxy/f3_acls/managers.acl"
acl blocked_extensions urlpath_regex -i "/var/smoothwall/proxy/f3_acls/blocked_extensions.acl"
acl blocked_sites url_regex -i "/var/smoothwall/proxy/f3_acls/blocked_sites.acl"
acl blocked_request_mt req_mime_type -i "/var/smoothwall/proxy/f3_acls/blocked_mimetypes.acl"
acl blocked_reply_mt rep_mime_type -i "/var/smoothwall/proxy/f3_acls/blocked_mimetypes.acl"
acl gaming_sites url_regex -i "/var/smoothwall/proxy/f3_acls/gaming_sites.acl"
acl server_machines src "/var/smoothwall/proxy/f3_acls/server_machines.acl"
acl working_hours time MTWHF 09:00-12:30
acl working_hours time MTWHF 14:00-18:30
acl gaming_hours time MTWHF 21:00-23:59
acl gaming_hours time MTWHF 01:00-07:00
########################################
# HTTP_ACCESS #
########################################
http_access allow super_users
http_access deny blocked_sites working_hours
http_access deny blocked_request_mt working_hours
http_access deny blocked_reply_mt working_hours
http_access deny gaming_sites !gaming_hours
http_access allow managers
#http_access deny blocked_extensions working_hours
http_access allow ISP1_users
#http_access allow ISP2_users
http_access allow server_machines
http_access deny localnetgreen
umask 022

maximum_object_size 4096 KB
minimum_object_size 0 KB

# Smoothwall does not allow this parameter to be changed. I can only
# change cache size
cache_dir diskd /var/spool/squid/cache 10240 16 256

request_body_max_size 0 KB
reply_body_max_size 0 allow all

logfile_rotate 0

strip_query_terms off

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast

-- 
Regards,
Asim Ahmed Khan
IT Manager,
Folio3 (Pvt.) Ltd. www.folio3.com
Direct: 92-21-4323721-4 Ext 110
Email: aahmed_at_folio3.com
Received on Wed Dec 02 2009 - 04:43:02 MST
