Hi all. Squid has a strange behavior: suddenly, it stops writing the log files (access.log and cache.log) for about 30 seconds clients cannot access the cache. Because my proxy is using AD auth, I checked the link between them and is OK. During the time squid "is down", the number of ext_wbinfo_group_acl processes starts growing until Squid operates normally. My squid box has 4GB of RAM and enough disk space to store the cache.
Here is my squid.conf: http_port 3128 ############################################################################ # Administrative Parameters ############################################################################ visible_hostname Proxy-cache cache_mgr pr...@proxy.net<mailto:pr...@proxy.net> cache_effective_user proxy error_directory /usr/share/squid3/errors/es err_page_stylesheet /etc/squid3/style.css ############################################################################ #******************************Ports*************************************# ############################################################################ #acl manager proto cache_object #acl all src 0.0.0.0/0.0.0.0 #acl localhost src 127.0.0.1/32 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 #prot gopher acl Safe_ports port 210 #whais acl Safe_ports port 280 #http-mgmt acl Safe_ports port 488 #gss-http acl Safe_ports port 591 #filemaker acl Safe_ports port 8080 acl Safe_ports port 2481 acl Safe_ports port 20010 acl Safe_ports port 777 #multi http #acl purge method PURGE acl CONNECT method CONNECT acl_uses_indirect_client on delay_pool_uses_indirect_client on log_uses_indirect_client on http_access allow manager all http_access deny manager ############################################################################ #*******************HELPERS AD**************************# ############################################################################ auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --DOMAIN=DOMAIN auth_param ntlm children 300 startup=100 idle=50 auth_param ntlm keep_alive off auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 50 startup=20 idle=10 auth_param basic realm proxy auth_param basic credentialsttl 2 hours ########################################################################### #****************************ACL******************************************# ########################################################################### external_acl_type Grupos_AD ttl=10 children-max=300 children-startup=100 children-idle=150 ipv4 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl acl proxy external Grupos_AD Users_proxy ############################################################################ #*****************************Rules***************************************# ############################################################################ acl auth proxy_auth REQUIRED http_access deny !auth http_access allow proxy all http_access deny !Safe_ports http_access deny CONNECT !SSL_PORTS #http_access allow redlocal http_access deny all ############################################################################ #*************************Log********************************# ############################################################################ logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt cache_access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log logfile_rotate 0 buffered_logs off ############################################################################ #******************Cache and memory***************************# ############################################################################ cache_dir aufs /var/spool/squid3 30000 16 256 cache_mem 1536 MB cache_swap_low 80 cache_swap_high 95 maximum_object_size_in_memory 1024 KB memory_cache_mode always maximum_object_size 200 MB minimum_object_size 0 KB cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF cache_store_log none log_icp_queries off redirect_rewrites_host_header off fqdncache_size 51200 ############################################################################ # Refresh Pattern Options ############################################################################ refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 43200 90% 43200 refresh_pattern -i \.(html|htm|css|js|xhtml)$ 9440 90% 43200 refresh_pattern -i \.index.(html|htm)$ 0 40% 10080 refresh_pattern -i \.(xml|flow)$ 0 90% 100000 refresh_pattern -i \.(json)$ 1440 90% 5760 refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz|bz2|ipa|bz|ram|rar|bin|uxx|gz|crl|dll|hz|apk|wtex|hz|tiff)$ 43200 90% 43200 refresh_pattern -i \.(swf|js|wav|css|class|dat|zsci|do|ver|advcs|woff|eps|ttf|svg|svgz|ps|acsm|wm(a|v))$ 43200 90% 43200 #facebook refresh_pattern ^https://*.facebook.com/* 14400 100% 4320 refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 14400 80% 10800 refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 14400 80% 10800 refresh_pattern fbcdn\.net.*\.(jpg|jpeg|gif|png|ico|mp3|flv) 14400 80% 20080 refresh_pattern static\.ak\.fbcdn\.net.*\.(jpg|jpeg|gif|png|ico|mp3|flv) 14400 80% 20080 #otros refresh_pattern ^https://*.yahoo.*/.* 720 100% 4320 refresh_pattern ^https://*.gmail.*/.* 720 100% 4320 refresh_pattern ^https://*.google.*/.* 720 100% 4320 refresh_pattern ^https://*.googlesyndication.*/.* 720 100% 4320 refresh_pattern ^http://*.mercadolibre.*/.* 720 100% 4320 refresh_pattern youtube.*videoplay 14400 90% 24400 refresh_pattern youtube.*get_video 14400 90% 24400 refresh_pattern google.*videoplay 14400 90% 24400 refresh_pattern googlevideo.*get_video 14400 90% 24400 refresh_pattern -i ^https?:\/\/.*(gstatic\.com.*).* 1440 99% 14400 refresh_pattern -i ^https:\/\/.*googleapis\.com\/.*\.*\/v2\/code\.google\.com\/.*\.* 10080 80% 43200 refresh_pattern ^.*safebrowsing.*google 10080 80% 10080 refresh_pattern -i gstatic.*/.* 14400 80% 10080 refresh_pattern ytimg\.com\/.*\.(jpg|jpeg|gif|png|ico|mp3|flv|mp4) 14400 90% 24400 refresh_pattern (mt|kh|pap).*\.google\.com 14400 90% 24400 refresh_pattern (mt|kh|pap).*\.googleapis\.com 14400 90% 24400 refresh_pattern s\d+\.dotua\.org\/fsua_items.*\.(jpg|jpeg|gif|png|ico|mp3|flv|mp4) 14400 90% 24400 refresh_pattern .*static\.video\.yandex\.ru\/swf\/.*&r=.* 14400 90% 24400 refresh_pattern vec.*\.maps\.yandex\.net\/tiles\? 14400 90% 20080 refresh_pattern static.*\.maps\.yandex\. 14400 90% 20080 refresh_pattern pvec.*\.maps\.yandex\.net 14400 90% 20080 refresh_pattern lrs\.maps\.yandex\.net\/tiles\? 14400 90% 20080 refresh_pattern yandex\.st\/.*(jpg|jpeg|gif|png|ico|mp3|flv|mp4) 14400 90% 20080 refresh_pattern static\.video\.yandex\.net\/.*(jpg|jpeg|gif|png|ico|mp3|flv|mp4).* 14400 90% 20080 refresh_pattern -i \.*(.*(maps)).* 1440 99% 14400 #refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% #refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600 refresh_pattern -i (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar|ggpht)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 14400 99% 14400 refresh_pattern \.(ico|video-stats) 1440 99% 14400 refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 refresh_pattern -i \.disquscdn.\* 14400 90% 20080 #cache microsoft and adobe and other documents refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|ps)$ 100000 90% 200000 refresh-ims refresh_pattern -i \.(xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt)$ 100000 90% 200000 refresh-ims #refresh_pattern -i windowsupdate.com/.*\.(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200 refresh_pattern -i (.+\.||)microsoft.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf) 10080 100% 172800 refresh-ims refresh_pattern -i (.+\.||)windowsupdate.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf) 10080 100% 172800 refresh-ims #refresh_pattern ([^.]+.)?(download|(windows)?update).(microsoft.)?com/.*.(cab|exe|msi|msp|psf|wma|wmv|msu|msf|dat|zip) 10080 100% 43200 refresh-ims refresh_pattern . 0 40% 40320 ########################################################################### # Other Options ########################################################################### quick_abort_min 1024 KB quick_abort_max 2048 KB quick_abort_pct 90 memory_pools off memory_pools_limit 0 ignore_unknown_nameservers on #negative_ttl 10 request_body_max_size 0 KB forward_timeout 4 minutes forwarded_for off request_header_access X-Forwarded-For deny all read_timeout 2 minutes request_timeout 2 minutes client_lifetime 1 day half_closed_clients off shutdown_lifetime 2 second ipcache_size 51200 ipcache_low 90 ipcache_high 95 icp_port 0 htcp_port 0 icp_access deny all htcp_access deny all visible_hostname proxy client_db on pinger_enable off strip_query_terms on debug_options ALL,1 33,2 28,9 coredump_dir /var/spool/squid3 read_ahead_gap 1 MB forward_max_tries 25 ########################################################################### # DNS and FTP options ########################################################################### ftp_passive on ftp_sanitycheck off ftp_telnet_protocol off positive_dns_ttl 6 hours dns_v4_first on dns_timeout 2 minutes negative_dns_ttl 300 seconds Thanks! -- @verovan
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
