Muhammad Sharfuddin ha scritto:
> On Mon, 2010-03-22 at 19:27 +1300, Amos Jeffries wrote:
>>> Thanks list for help.
>>>
>>> restarting squid is not a solution, I noticed only after 20 minutes
>>> after restarting, squid started consuming/eating CPU again.
>>>
>>> On Wed, 2010-03-17 at 19:54 +1100, Ivan . wrote:
>>>> you might want to check out this thread
>>>> http://www.mail-archive.com/squid-users@squid-cache.org/msg56216.html
>>> Neither I installed any package.. i.e not checked
>>>
>>> On Wed, 2010-03-17 at 05:27 -0700, George Herbert wrote:
>>>> or install the Google malloc library and recompile Squid to
>>>> use it instead of default gcc malloc.
>>> On Wed, 2010-03-17 at 15:01 +0200, Henrik K wrote:
>>>> If the system regex is issue, wouldn't it be better/simpler to just
>>>> compile
>>>> with PCRE? (LDFLAGS="-lpcreposix -lpcre"). It doesn't leak and as a bonus
>>>> makes your REs faster.
>>> Nor I re-compiled Squid, as I have to use binary/rpm version of squid
>>> that shipped with the Distro I am using
>>>
>>> issue resolved via removing acl that blocked almost 60K urls/domains
>>>
>>> commenting following worked
>>> ##acl porn_deny url_regex "/etc/squid/domains.deny"
>>> ##http_access deny porn_deny
>>>
>>> so how can I deny illegal contents/website ?
>>>
>> If those were actually domain names...
> they are both urls and domain
>
>> * use "dstdomain" type instead of regex.
> ok nice suggestion
>
>
>> Optimize order of ACLs so do most rejections as soon as possible with
>> fastest match types.
>>
> I think its optimized, as the rule(squeezing cpu) is the first rule in
> squid.conf
That's the exact opposite of "optimizing" as the cpu-consuming rule is
_always_ executed.
First rules should be non-cpu consuming (i.e. non-regexp) and should
block most of the traffic, leaving the cpu-consuming ones at the bottom,
ralrely executed.
>> If you don't mind sharing your squid.conf access lines we can work
>> through optimizing with you.
> I posted squid.conf when I start this thread/topic, but I have no issue
> posting it again ;)
I think he meant the list of blocked sites / url.
>
> squid.conf:
> acl myFTP port 20 21
> acl ftp_ipes src "/etc/squid/ftp_ipes.txt"
> http_access allow ftp_ipes myFTP
> http_access deny myFTP
>
> #### this is the acl eating CPU #####
> acl porn_deny url_regex "/etc/squid/domains.deny"
> http_access deny porn_deny
> ###############################
>
> acl vip src "/etc/squid/vip_ipes.txt"
> http_access allow vip
>
> acl entweb url_regex "/etc/squid/entwebsites.txt"
> http_access deny entweb
>
> acl mynet src "/etc/squid/allowed_ipes.txt"
> http_access allow mynet
>
>> Amos
>
-- Marcello RomaniReceived on Mon Mar 22 2010 - 07:47:32 MDT
This archive was generated by hypermail 2.2.0 : Mon Mar 22 2010 - 12:00:05 MDT