Hello,
From the last 2 months our users have been complaining that internet
access is very very slow and downloading files taking lot of
time. Sometimes downloading doesn't happen/stops in between. .
This is my nework setup:
client ----> [ Dansguardian + Squid Proxy] -----> [Gateway Antivirus]
portno: 8080 portno:3128 InterScan VirusWall
---> [Checkpoint FireWall] --------> [ISP Proxy]
Suppose if i point the browser directly to GatewayAntivirus System
internet
access is quite fast and i could download files without any difficulty.
But if i point my browser to the Proxy Server[Dansguardian+squid running
on the same system] , then internet access becomes too slow. Downloading
[ftp/http] of files takes lot of time. Sometimes it says download is
complete, but 0 bytes or it downloads some X% and says Download is
Complete.
Even it downloads fully it takes quite a lot of time. For most of the
file downloading it says Download is Complete, but 0 bytes.
We have 2 Mbps leased line and our staff strength is nearly 350.
Our squid system is running on Linux platform and with 36GB HDD 1GB
memory.
my squid.conf is as follows:
http_port localhost:3128
cache_peer 192.168.70.150 parent 3128 7 default connect-timeout=120
no-query
dead_peer_timeout 600 seconds
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /usr/local/squid/cache 100 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
mime_table /usr/local/squid/etc/mime.conf
pid_filename /usr/local/squid/var/logs/squid.pid
debug_options ALL,1 33,2
ftp_user Squid@mydomain.com
ftp_list_width 32
ftp_passive off
ftp_sanitycheck on
ftp_telnet_protocol on
auth_param basic program /usr/local/squid/libexec/ncsa_auth
/usr/local/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
authenticate_ttl 3600
authenticate_ip_ttl 120
request_body_max_size 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny manager all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
authenticate_pogram /usr/local/squid/libexec/ncsa_auth
/usr/local/squid/etc/passwd
acl domainusers proxy_auth REQUIRED
acl allowed proxy_auth REQUIRED
acl foo proxy_auth REQUIRED
http_access allow domainusers localhost
http_access allow allowed
http_access allow localhost
http_access allow foo
http_access allow CONNECT SSL_ports
http_access deny all
acl INSIDE dstdomain mydomain.com
never_direct deny INSIDE
miss_access allow all
reply_body_max_size 0
cache_mgr manager@mydomain.com
cache_effective_user squid
cache_effective_group squid
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
We are doing both ftp and http downloads squid only. We are not using any
delay pools or restricting any sites for
bandwidth saving.
Can somebody suggest me how to fine tune the above parameters/add new
settings to enable better internet access/download.
Any help is greatly appreciated.
Regards,
Sankar
Received on Tue Sep 28 2004 - 03:29:03 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:03 MDT