Re: [squid-users] Images are not loading properly into web pages. (not sure about my cache settings)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 11 Mar 2010 01:47:29 +1300

GIGO . wrote:
> Dear All,
>
> I am facing this problem that images are not loading properly into web pages. The clients that are directly on ISA are having a better experience of net browsing than Squid with cache. (Its response is slow).
>
> Something to do with my cache settings??
>
> Further information : I have four(4) Gb of physical ram on my server (ubuntu 8.04 LTS). With Physical Raid 1 implemented on IBM 3650 X series. Default Partition Scheme of Ubuntu (Without LVM) is applied.
>
>
> please guide me about it.
>
> regards,
>
> Bilal
>
> My Squid.conf File
>
> visible_hostname 10.1.82.53
> cache_peer 10.1.82.205 parent 8080 0 default no-digest no-query
> http_port 10.1.82.53:3128
> never_direct allow all
> cache_effective_user proxy
> cache_mgr bilal.aslam_at_mcb.com.pk
> coredump_dir /var/sppol/squid3
> cache_dir ufs /var/squidcache 50000 16 256

Problem #1: ufs filesystem is slowest available. Use aufs on Linux.

> cache_swap_low 75
> cache_mem 1000 MB
> maximum_object_size 195 MB
> minimum_object_size 12 bytes
> cache_replacement_policy lru
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl localServers dst 10.1.82.0/24 10.1.80.0/24 10.1.245.0/24
> #acl localServers dstdomain .bla.bla.com
> no_cache deny LocalServers

Problem #2: "no_cache" is obsolete.

The above means prevent caching of LocalServers responses.
ie:
   cache deny LocalServers

> acl Query urlpath_regex cgi-bin \?
> cache deny Query
> hierarchy_stoplist cgi-bin ?

Problem #3: dynamic web objects are extremely common these days and a
large portion are cacheable. Maybe the stuff you want cached has a ? in it.
  Remove the "Query" ACL and rules.

>
> acl manager proto cache_object
> http_access allow manager
> http_access deny manager
> acl OverConnLimit maxconn 10
> http_access deny OverConnLimit

Note: capping connection limits is known to cause noticeable slowdown
for clients. The more parallel requests that can be done the faster
large multi-object pages download (sites like www.cnn.com with its
legendary 480+ front-page objects [they have improved now]). It's up to
you though.

> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> http_access allow localhost
>
> acl SSL_ports port 443 #https
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl FcUsr src "/etc/squid3/FcUsr.conf"
> acl PUsr src "/etc/squid3/PUsr.conf"
> acl RUsr src "/etc/squid3/RUsr.conf"
> acl Working_hours time MTWHF 09:00-17:00
> acl inlunchbreak time 13:00-14:30
> ####----Definitions for BlockingRules----#####
> ###Definition of MP3/MPEG
> acl FTPMP3 url_regex -i ^ftp://.*\.mp3$

Sometimes like this it's faster to split that into two ACLs...

   acl FTP proto FTP
   acl MP3url urlpath_regex \.mp3(\?.*)?$

   http_access ... FTP MP3url

> acl Movies rep_mime_type video/mpeg
> acl MP3s rep_mime_type audio/mpeg
>
> ###Definition of Flash Video
> acl deny_rep_mime_flashvideo rep_mime_type video/flv
> ###Definition of Porn
> acl Sex urlpath_regex sex
> acl PornSites url_regex "/etc/squid3/pornlist"
>
> ####Definition of YouTube.
> ## The videos come from several domains
> acl youtube_domains dstdomain .youtube.com .googlevideo.com .ytimg.com
> ###Definition of FaceBook
> acl facebook_sites dstdomain .facebook.com
>
> #### Definition of MSN Messenger
> acl msn urlpath_regex -i gateway.dll
> acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
> acl msn1 req_mime_type application/x-msn-messenger
>
> ####Definition of Blocking Skype
> acl numeric_IPs url_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
> acl Skype_UA browser ^skype^
> ##Definition of Yahoo! Messenger
> acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
> acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
> acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
> acl ym dstdomain .voice.yahoo.com
> acl ymregex url_regex yupdater.yim ymsgr myspaceim
> ## Other protocols Yahoo!Messenger uses ??
> acl ym dstdomain .skype.com .imvu.com
> ###Disallowing download of executables from web#####
> acl downloads url_regex "/etc/squid3/download.conf"
>
> ###---------------------------------------------########
> http_access deny PornSites RUsr
> http_access deny PornSites PUsr
> http_access deny Sex RUsr
> http_access deny Sex PUsr
> http_access deny msnd PUsr
> http_access deny msnd RUsr
> http_access deny msn PUsr
> http_access deny msn RUsr
> http_access deny msn1 PUsr
> http_access deny msn1 RUsr
> http_access deny numeric_IPs PUsr
> http_access deny numeric_IPs RUsr
> http_access deny Skype_UA PUsr
> http_access deny Skype_UA RUsr
> http_access deny ym RUsr
> http_access deny ym PUsr
> http_access deny ymregex RUsr
> http_access deny ymregex PUsr
> #----Most Restricted settings Exclusive for Normal users......#
> http_reply_access deny Movies RUsr
> http_reply_access deny MP3s RUsr
> http_access deny FTPMP3 RUsr

http_access deny FTP MP3url

> http_reply_access deny deny_rep_mime_flashvideo RUsr
> http_access deny youtube_domains RUsr
> http_access deny facebook_sites RUsr
> http_access deny downloads RUsr
> http_access allow youtube_domains inlunchbreak PUsr
> http_access allow facebook_sites inlunchbreak PUsr
> http_access deny youtube_domains PUsr Working_hours
> http_access deny facebook_sites PUsr Working_hours
> http_access allow FcUsr
> http_access allow PUsr
> http_access allow RUsr
> http_access deny all
>

As a general rule-of-thumb for better speed place the faster ACL first
on each line and the slowest at the end. For Squid remote lookups are
_the_ slowest around, with regex a close second.

This is a rough estimate of the order (top == fastest) of speed of your
ACL types:

   src / port / proto / method
   dstdomain / time
   urlpath_regex / rep_mime_type / req_mime_type
   url_regex / browser

To speed your Squid up you need a lot of access line changes like this one:

before optimizing:
   http_access allow youtube_domains inlunchbreak PUsr

after optimizing:
   http_access allow PUsr inlunchbreak youtube_domains

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
   Current Beta Squid 3.1.0.17
Received on Wed Mar 10 2010 - 12:47:37 MST
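
Added example, not part of the original post and not Squid's own tooling: a small Python pass that applies the fastest-first rule from the reply to every `http_access` / `http_reply_access` line, using the speed tiers listed there. The names `TIERS`, `reorder` and `SAMPLE` are hypothetical; `SAMPLE` is constructed from lines of the posted squid.conf, and ranking unlisted ACL types as slowest is an assumption.

```python
# Speed tiers as listed in the reply (index 0 = fastest). Any type not
# listed there is ranked slowest; that default is this example's assumption.
TIERS = [
    {"src", "port", "proto", "method"},
    {"dstdomain", "time"},
    {"urlpath_regex", "rep_mime_type", "req_mime_type"},
    {"url_regex", "browser"},
]
ACCESS = ("http_access", "http_reply_access")

# Constructed sample built from lines of the posted squid.conf.
SAMPLE = """\
acl PUsr src "/etc/squid3/PUsr.conf"
acl RUsr src "/etc/squid3/RUsr.conf"
acl inlunchbreak time 13:00-14:30
acl youtube_domains dstdomain .youtube.com .googlevideo.com .ytimg.com
acl PornSites url_regex "/etc/squid3/pornlist"
acl Skype_UA browser ^skype^
http_access deny PornSites RUsr
http_access deny Skype_UA PUsr
http_access allow youtube_domains inlunchbreak PUsr
http_access deny all
"""

def tier(acl_type):
    for rank, types in enumerate(TIERS):
        if acl_type in types:
            return rank
    return len(TIERS)

def acl_types(conf):
    """Map each ACL name to its type, read from 'acl NAME TYPE ...' lines."""
    types = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "acl":
            types.setdefault(parts[1], parts[2])
    return types

def reorder(conf):
    """Sort the ACLs on each access line fastest-first (stable within a tier)."""
    types = acl_types(conf)
    out = []
    for line in conf.splitlines():
        body, sep, comment = line.partition("#")
        parts = body.split()
        if parts and parts[0] in ACCESS:
            acls = sorted(parts[2:], key=lambda a: tier(types.get(a.lstrip("!"), "")))
            if acls != parts[2:]:  # rewrite only lines whose order changes
                line = " ".join(parts[:2] + acls) + (" #" + comment if sep else "")
        out.append(line)
    return "\n".join(out)
```

ACLs on one line are ANDed, so the allow/deny outcome is unchanged and types sharing a tier keep their original relative order. What does change is which ACL Squid evaluates last on a line, which matters if a `deny_info` page is tied to that ACL.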
