On 04/22/2016 09:19 AM, Odhiambo Washington wrote:
> Can I terminate based on time?
Yes. You can terminate based on any information except information
contained inside HTTP messages. Time is always available.
ssl::server_name will give you an approximation of what you call "site".
> By just mod
Can I terminate based on time? By just modifying the bits you wrote for me?
On 17:45, Fri, Apr 22, 2016 Amos Jeffries wrote:
> On 23/04/2016 12:39 a.m., Odhiambo Washington wrote:
> >
> > So is it possible to achieve such a non-intrusive setup, but without
> > 'terminate'?
>
> You declared the r
On 23/04/2016 12:39 a.m., Odhiambo Washington wrote:
>
> So is it possible to achieve such a non-intrusive setup, but without
> 'terminate'?
You declared the requirement "Serve an error page.".
That is intrusive.
As Alex has said repeatedly:
terminate or produce an error. Pick one.
Amos
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
22.04.16 18:39, Odhiambo Washington пишет:
>
>
> On 22 April 2016 at 13:45, Amos Jeffries mailto:squ...@treenet.co.nz>> wrote:
>
> On 22/04/2016 8:23 p.m., Odhiambo Washington wrote:
> >
> > Sure, I am really struggling to understand
On 22 April 2016 at 13:45, Amos Jeffries wrote:
> On 22/04/2016 8:23 p.m., Odhiambo Washington wrote:
> >
> > Sure, I am really struggling to understand this. I would like to serve
> > error pages. A complete example of this would really help. I am thinking,
> > based on the two templates you gav
On 22/04/2016 8:23 p.m., Odhiambo Washington wrote:
>
> Sure, I am really struggling to understand this. I would like to serve
> error pages. A complete example of this would really help. I am thinking,
> based on the two templates you gave and going with the one where squid
> intrudes, that it co
On 22 April 2016 at 02:16, Alex Rousskov
wrote:
> On 04/21/2016 03:26 PM, Odhiambo Washington wrote:
> > On 21 April 2016 at 23:14, Alex Rousskov wrote:
> > Logging aside, your latest random configuration is equivalent to
> > [...] not intercepting SSL at all, which brings
> > us back
On 04/21/2016 03:26 PM, Odhiambo Washington wrote:
> On 21 April 2016 at 23:14, Alex Rousskov wrote:
> Logging aside, your latest random configuration is equivalent to
> [...] not intercepting SSL at all, which brings
> us back to the old question: What do you want Squid to do?
> If I
On 21 April 2016 at 23:14, Alex Rousskov
wrote:
> On 04/21/2016 01:59 PM, Odhiambo Washington wrote:
> > On 21 April 2016 at 22:04, Amos Jeffries wrote:
> >
> > On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > > I have now changed to *configurations suggested specifically for
> you
On 04/21/2016 01:59 PM, Odhiambo Washington wrote:
> On 21 April 2016 at 22:04, Amos Jeffries wrote:
>
> On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > I have now changed to *configurations suggested specifically for your
> use
> > case, on this email thread* :)
> > acl
On 21 April 2016 at 22:04, Amos Jeffries wrote:
> On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > Hi Alex,
> >
> > I have now changed to *configurations suggested specifically for your use
> > case, on this email thread* :)
> >
> >
> >
> > acl no_ssl_interception ssl::server_name
> > "/us
On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> Hi Alex,
>
> I have now changed to *configurations suggested specifically for your use
> case, on this email thread* :)
>
>
>
> acl no_ssl_interception ssl::server_name
> "/usr/local/etc/squid/ssl_bump_broken_sites.txt"
> ssl_bump splice no_
Hi Alex,
I have now changed to *configurations suggested specifically for your use
case, on this email thread* :)
acl no_ssl_interception ssl::server_name
"/usr/local/etc/squid/ssl_bump_broken_sites.txt"
ssl_bump splice no_ssl_interception
ssl_bump stare all
ssl_bump bump all
Now, suppose, as
On 04/21/2016 08:12 AM, Odhiambo Washington wrote:
> acl no_ssl_interception ssl::server_name ...
> ssl_bump splice no_ssl_interception
> ssl_bump stare step2
> ssl_bump splice all
You are mixing splice and stare now. There are two groups of actions:
* peek and then splice
* stare and then bump
On 21 April 2016 at 16:48, Alex Rousskov
wrote:
> On 04/21/2016 07:18 AM, Odhiambo Washington wrote:
> > Is is expected that using ssl_bump results into high CPU usage all the
> > time?
>
> Your question is impossible to answer in general: The CPU usage levels
> depend on the amount of Squid tra
On 04/21/2016 07:18 AM, Odhiambo Washington wrote:
> Is is expected that using ssl_bump results into high CPU usage all the
> time?
Your question is impossible to answer in general: The CPU usage levels
depend on the amount of Squid traffic, the portion of SSL traffic in the
overall traffic mix,
I will put the splice explicitly and observe.
Without ssl_bump I never saw such cpu usage with squid.
However, lemme watch and also listen to feedback..
On 21 April 2016 at 16:34, Amos Jeffries wrote:
> On 22/04/2016 1:18 a.m., Odhiambo Washington wrote:
> > Is is expected that using ssl_bum
On 22/04/2016 1:18 a.m., Odhiambo Washington wrote:
> Is is expected that using ssl_bump results into high CPU usage all the
> time?
>
Encryption adds CPU overhead, but how much depends on what your normal
use was. I dont think any of us have a good rule-of-thumb or educated
guess yet because Sq
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Not necessary. May be bottleneck in OS.
21.04.16 19:25, Odhiambo Washington пишет:
> So, what could possibly be wrong with my setup, that squid consumes so much
> CPU?
>
> On 21 April 2016 at 16:22, Yuri Voinov mailto:yvoi...@gmail.com>> wrote:
>
So, what could possibly be wrong with my setup, that squid consumes so much
CPU?
On 21 April 2016 at 16:22, Yuri Voinov wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> It must not be. My most active setup has 3% CPU all time dirung peak hours.
>
> Typical view:
>
> https://i1.so
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
It must not be. My most active setup has 3% CPU all time dirung peak hours.
Typical view:
https://i1.someimage.com/NzM1erI.png
21.04.16 19:18, Odhiambo Washington пишет:
> Is is expected that using ssl_bump results into high CPU usage all the
Is is expected that using ssl_bump results into high CPU usage all the
time?
This is squid-3.5.17
That is what I am seeing:
last pid: 26673; load averages: 2.24, 2.00, 2.10
up 0+03:47:56 16:08:30
160 processes: 2 running, 157 sleeping, 1 zombie
CPU: 86.1% user, 0.0% nice,
On 16/04/2016 9:59 a.m., David Touzeau wrote:
> We have the same issue when upgrading to 3.5.16
>
> 3.5.16 -> squid take 100% CPU
> Back to 3.5.13 -> 12% CPU
>
Does the latest 3.5 snapshot perform better? This may be related to the
Vary regression making varant objects all MISS - and thus longer
On 16/04/2016 6:41 a.m., Mohammad Sadegh Nasiri wrote:
> Thanks Amos for your reply.
>
>
> This reaches 800 Mbps with Squid still spending a measurable chunk of its
>> time (~30%) waiting for something to do.
>
> How do you discovered to this numbers (800Mbps and ~30%)?
I explained the 800 Mbps
lists.squid-cache.org
Objet : Re: [squid-users] High CPU usage
On 15/04/2016 7:26 p.m., Mohammad Sadegh Nasiri wrote:
> Hi
>
> Does anyone knows why my squid cpu usage is 100%?
>
Before trying to answer you need to be aware that when/if it needs to Squid
will push CPU, RAM, di
On 15/04/2016 7:26 p.m., Mohammad Sadegh Nasiri wrote:
> Hi
>
> Does anyone knows why my squid cpu usage is 100%?
>
Before trying to answer you need to be aware that when/if it needs to
Squid will push CPU, RAM, disk I/O etc right to the hardware limits.
Your first trace is telling the story a
Hi
Does anyone knows why my squid cpu usage is 100%?
When it works fine:
Last 5 minutes:
sample_start_time = 1460357653.263150 (Mon, 11 Apr 2016 06:54:13 GMT)
sample_end_time = 1460357953.264761 (Mon, 11 Apr 2016 06:59:13 GMT)
client_http.requests = 1149.670493/sec
client_http.hits = 357.521413/s
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/10/2014 07:41 PM,
Marcus Kool wrote:
Indeed but setting debug_options to ALL,9 does not work since the
log file already is too big and unmanageable even before Squid
begins to do thing that consumes CPU time.
I have suggested a full one request
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/10/2014 07:41 PM, Marcus Kool wrote:
>
> Indeed but setting debug_options to ALL,9 does not work since the
> log file already is too big and unmanageable even before Squid
> begins to do thing that consumes CPU time.
I have suggested a full one
during our last tests (with 3.4.x) we also tried the worker
option. it does not matter if workers are enabled or not. with more
workers the cpu rise seems to be somewhat slower. so it is not
connected to (smp)workers. it is the external auth helper -
although the squid process and not the helper
mber 2014 14:36 An:
>> squid-users@lists.squid-cache.org Betreff: Re: [squid-users]
>> High CPU-Usage with squid 3.4.9 (and/or 3.4.4)
>>
>> On 7/11/2014 2:50 a.m., Tom Tom wrote:
>>> Hi
>>>
>>> After migration from squid 3.3.13 to 3.4.4, I re
> -Ursprüngliche Nachricht-
> Von: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] Im
> Auftrag von Amos Jeffries
> Gesendet: Montag, 10. November 2014 14:36
> An: squid-users@lists.squid-cache.org
> Betreff: Re: [squid-users] High CPU-Usage with squid 3.4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/11/2014 2:50 a.m., Tom Tom wrote:
> Hi
>
> After migration from squid 3.3.13 to 3.4.4, I recognized a
> performance-issue. Squid is configured with 4 workers. They often
> have a CPU-Utilization between 50%-90% (each worker). With squid
> 3.3.13
Hi
After migration from squid 3.3.13 to 3.4.4, I recognized a
performance-issue. Squid is configured with 4 workers. They often have
a CPU-Utilization between 50%-90% (each worker). With squid 3.3.13
(same configuration), the CPU-Utilization was never a problem. I
installed squid 3.4.9 and had the
> I don't know i am correct or not but in /etc/init/squid3.conf i see
> following
> lines
> env CONFIG="/etc/squid3/squid.conf"
> env SQUID_ARGS="-YC"
>
> so i have added following line
> env LANG=C
>
> correct ? does not need double qotation mark ?
That should do it.
Marcus
>
>
> --
> View this
I don't know i am correct or not but in /etc/init/squid3.conf i see following
lines
env CONFIG="/etc/squid3/squid.conf"
env SQUID_ARGS="-YC"
so i have added following line
env LANG=C
correct ? does not need double qotation mark ?
--
View this message in context:
http://squid-web-proxy-cache.1
Thanks for the tip .
1. Is there any way to detect that what is current LANG without need to
restart squid ?
2. Is there any way to put that string inside /etc/init/squid.conf ? how ?
Thanks again .
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/High-cpu-us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 6/10/2014 9:01 p.m., Omid Kosari wrote:
> Dear Amos
>
> What's your idea about Marcus comment ?
>
It was a new solution to me.
I think I understand the details behind it (unicode charset size) and
agree it is worth doing if you can.
Amos
-
Dear Amos
What's your idea about Marcus comment ?
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/High-cpu-usage-by-re-search-internal-tp4667550p4667689.html
Sent from the Squid - Users mailing list archive at Nabble.com.
I suspect that the language setting is causing it.
If $LANG is different from "C" it may have a huge impact on the
performance of regular expression evaluation (not only in Squid but also
awk, sed etc.)
Try this:
LANG=C /etc/init.d/squid start
and see if Squid improves.
Marcus
> Hi,
>
> I have
Thanks a lot . The latest file with your helps is here
http://pastebin.com/8yytTWqA
Any other tricks appreciated .
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/High-cpu-usage-by-re-search-internal-tp4667550p4667661.html
Sent from the Squid - Users mailin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 5/10/2014 4:12 a.m., Amos Jeffries wrote:
> On 5/10/2014 3:34 a.m., Omid Kosari wrote:
>> Mehdi Sarmadi wrote
>>> Hey
>>>
>>> Alright. About refresh pattern you have a very excessive list
>>> IMHO. I don't know about your hardware but generally fo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 5/10/2014 3:34 a.m., Omid Kosari wrote:
> Mehdi Sarmadi wrote
>> Hey
>>
>> Alright. About refresh pattern you have a very excessive list
>> IMHO. I don't know about your hardware but generally for a
>> typical general purpose SMB server hardware, t
Mehdi Sarmadi wrote
> Hey
>
> Alright. About refresh pattern you have a very excessive list IMHO. I
> don't know about your hardware but generally for a typical general purpose
> SMB server hardware, that's too much. If you want to stick with it and
> can't reduce the list.
> Check, how many core
Thanks .
I did it . When all refresh_pattern lines commented except following default
ones
refresh_pattern ^ftp: 144020% 10080
refresh_pattern ^gopher:14400% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 5/10/2014 1:04 a.m., Omid Kosari wrote:
> Hi,
>
> I have 2 squid boxes . Same version,OS and almost same
> config,hardware . Both have same problem also . normally cpu usage
> by squid is very high . I have tried this guide
> http://wiki.squid-cach
Hi,
I have 2 squid boxes . Same version,OS and almost same config,hardware .
Both have same problem also . normally cpu usage by squid is very high . I
have tried this guide http://wiki.squid-cache.org/SquidFaq/SquidProfiling
and found more than 85% of cpu usage is by re_search_internal symbol na
47 matches
Mail list logo
