On Mon, 2010-03-22 at 08:47 +0100, Marcello Romani wrote:
> Muhammad Sharfuddin ha scritto:
> > On Mon, 2010-03-22 at 19:27 +1300, Amos Jeffries wrote:
> >>> Thanks list for help.
> >>>
> >>> restarting squid is not a solution, I noticed only after 20 minutes
> >>> after restarting, squid started consuming/eating CPU again.
> >>>
> >>> On Wed, 2010-03-17 at 19:54 +1100, Ivan . wrote:
> >>>> you might want to check out this thread
> >>>> http://www.mail-archive.com/squid-users@squid-cache.org/msg56216.html
> >>> Neither I installed any package.. i.e not checked
> >>>
> >>> On Wed, 2010-03-17 at 05:27 -0700, George Herbert wrote:
> >>>> or install the Google malloc library and recompile Squid to
> >>>> use it instead of default gcc malloc.
> >>> On Wed, 2010-03-17 at 15:01 +0200, Henrik K wrote:
> >>>> If the system regex is issue, wouldn't it be better/simpler to just
> >>>> compile
> >>>> with PCRE? (LDFLAGS="-lpcreposix -lpcre"). It doesn't leak and as a bonus
> >>>> makes your REs faster.
> >>> Nor I re-compiled Squid, as I have to use binary/rpm version of squid
> >>> that shipped with the Distro I am using
> >>>
> >>> issue resolved via removing acl that blocked almost 60K urls/domains
> >>>
> >>> commenting following worked
> >>> ##acl porn_deny url_regex "/etc/squid/domains.deny"
> >>> ##http_access deny porn_deny
> >>>
> >>> so how can I deny illegal contents/website ?
> >>>
> >> If those were actually domain names...
> > they are both urls and domain
> >
> >> * use "dstdomain" type instead of regex.
> > ok nice suggestion
> >
> >
> >> Optimize order of ACLs so do most rejections as soon as possible with
> >> fastest match types.
> >>
> > I think its optimized, as the rule(squeezing cpu) is the first rule in
> > squid.conf
>
> That's the exact opposite of "optimizing" as the cpu-consuming rule is
> _always_ executed.
> First rules should be non-cpu consuming (i.e. non-regexp) and should
> block most of the traffic, leaving the cpu-consuming ones at the bottom,
> ralrely executed.
>
> >> If you don't mind sharing your squid.conf access lines we can work
> >> through optimizing with you.
> > I posted squid.conf when I start this thread/topic, but I have no issue
> > posting it again ;)
>
> I think he meant the list of blocked sites / url
its 112K after compression, am I allowed to post/attach such a big
file ?
> .
>
> >
> > squid.conf:
> > acl myFTP port 20 21
> > acl ftp_ipes src "/etc/squid/ftp_ipes.txt"
> > http_access allow ftp_ipes myFTP
> > http_access deny myFTP
> >
> > #### this is the acl eating CPU #####
> > acl porn_deny url_regex "/etc/squid/domains.deny"
> > http_access deny porn_deny
> > ###############################
> >
> > acl vip src "/etc/squid/vip_ipes.txt"
> > http_access allow vip
> >
> > acl entweb url_regex "/etc/squid/entwebsites.txt"
> > http_access deny entweb
> >
> > acl mynet src "/etc/squid/allowed_ipes.txt"
> > http_access allow mynet
> >
> >> Amos
> >
>
>
-- Regards Muhammad Sharfuddin | NDS Technologies Pvt Ltd | +92-333-2144823 Novice: name a single major diff b/w Redhat and SUSE GURU: One is Red and the other one is GreenReceived on Mon Mar 22 2010 - 07:58:27 MDT
This archive was generated by hypermail 2.2.0 : Mon Mar 22 2010 - 12:00:05 MDT