Re: [squid-users] Squid 3-5 CPU optimization and best practise .

2022-04-01 Thread Amos Jeffries

FYI; CPU in Squid is primarily consumed by two things:


1) parsing and processing HTTP message headers.

The only thing you can do about this is detect and reject unwanted 
traffic as early as possible.


Your OS firewall is obviously the early line of defense. Preventing 
unwanted network ranges from reaching Squid listening ports saves Squid 
from spending CPU cycles looking up details about those unwanted clients.


Then for clients who are potentially valid the default http_access rules 
reject dangerous traffic quickly and efficiently. Make sure any custom 
http_access rules are listed *after* those ones. Then see (2).




2) processing access controls (ACL checks).

To optimize this needs attention to what order ACLs are tested in versus 
how complex they are to process.


How many CPU cycles are consumed managing any resources they or other 
processes they trigger is also important.


If you want a free optimization review please post your full squid.conf 
(just without the documentation comments and empty lines). Then we can 
point out any performance tricks you may not yet be using.





Beyond those two you are getting into "advanced admin" levels of 
performance optimization, where YMMV, as Alex has mentioned. Every network 
is different so none of us can say a specific thing to do that will be 
better for you.


HTH
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
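
An added example, not part of the message above or of Squid itself: a small Python lint for the two ordering points raised there, custom http_access rules placed before the default ones and costly ACLs tested ahead of cheap ones on the same line. The function name, the COSTLY_TYPES set and the sample ACL names (staff, office) are assumptions of this example.

```python
# Default protective rules, with the ACL names used in squid.conf.default.
DEFAULT_RULES = [["deny", "!Safe_ports"], ["deny", "CONNECT", "!SSL_ports"]]
# Assumption of this example: ACL types counted as expensive (helper or regex).
COSTLY_TYPES = {"external", "proxy_auth", "ident", "url_regex", "dstdom_regex"}

def audit_http_access(conf_text):
    """Return (line_number, message) findings about rule and ACL order."""
    acl_type, rules = {}, []  # ACL name -> type; (line_number, rule tokens)
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment
        if tok[0] == "acl" and len(tok) >= 3:
            acl_type.setdefault(tok[1], tok[2])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((n, tok[1:]))
    bodies = [t for _, t in rules]
    # Check 1: default rules present, and no custom rule listed before them.
    missing = [d for d in DEFAULT_RULES if d not in bodies]
    findings = [(0, "missing default: http_access " + " ".join(d)) for d in missing]
    if not missing:
        last = max(bodies.index(d) for d in DEFAULT_RULES)
        findings += [(n, "custom rule listed before the default rules")
                     for n, t in rules[:last] if t not in DEFAULT_RULES]
    # Check 2: ACLs on a line are tested left to right until one mismatches.
    for n, t in rules:
        costly = None
        for name in (a.lstrip("!") for a in t[1:]):
            if acl_type.get(name) in COSTLY_TYPES:
                costly = costly or name
            elif costly:
                findings.append((n, f"cheap ACL '{name}' after costly '{costly}'"))
                break
    return findings

# Constructed sample configuration (not from the thread).
SAMPLE = """\
acl SSL_ports port 443
acl Safe_ports port 80 443
acl staff proxy_auth REQUIRED
acl office src 192.0.2.0/24
http_access allow staff office
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow office staff
http_access deny all
"""

print(*audit_http_access(SAMPLE), sep="\n")
```

Line 5 of the sample is reported twice (wrong position, and the authentication ACL tested before the source-address ACL); line 8 shows the same rule in the cheaper order and after the defaults.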


[squid-users] ACL evaluation from ICAP response header

2022-04-01 Thread Jason Spashett
Hello,

I was wondering if there is a way to evaluate an ACL from some response
from an ICAP server. I have tried returning an ICAP response header in
reqmod, but it doesn't seem possible to get at the header using the note
ACL.

I've not tried adding an HTTP header in ICAP, that may work perhaps, but it
doesn't seem a good option in any case.

- Jason


Re: [squid-users] ACL evaluation from ICAP response header

2022-04-01 Thread Alex Rousskov

On 4/1/22 11:37, Jason Spashett wrote:

> I was wondering if there is a way to evaluate an ACL from some response 
> from an ICAP server. I have tried returning an ICAP response header in 
> reqmod, but it doesn't seem possible to get at the header using the note 
> ACL.



Squid does not support converting ICAP (meta)headers into annotations. 
It is a known to-do item. Squid claimed to support converting eCAP 
meta-headers into annotations, but my recent experiments showed that it 
was not happening either. I have a fix for eCAP and am working on making 
it official. A similar change/enhancement will need to be done for ICAP.


Meanwhile, you may be able to, in some cases, work around the lack of 
support by passing "%adapt::external ACL helper (or to a built-in ACL that supports logformat %codes).



HTH,

Alex.