Re: [squid-users] Re: slow browsing in centos 6.3 with squid 3 !!

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Sun, 24 Feb 2013 15:18:48 -0300

Ahmad,

If you think the problem is squidguard, you have to get sure about this.
I suggest to disable squidguard and see if the performance get better
to confirm that the bottleneck is indeed caused by squidguard.

IF it is confirmed that squidguard is the bottleneck you can either
try to optimise the squidguard configuration or switch to a
faster alternative like ufdbguard.

Marcus

On 02/24/2013 08:30 AM, Ahmad wrote:
> hello ,
> thanks Amos , ive modified the config file as u suggested .
> after removing the raid 0 , ive noted a better performance .
> =============================================================
> in general , browsing speed is lower than the speed in the absence of squid
> , but any way it is acceptable and i wish to enhance it as i can !
> ======================================================
> As i mentioned in the beginning , i have an excellent hardware with about 32
> G ram.
> but i have major problem in squid-guard !!
> after sometime it begins to bypass!!!!!!
> i searched to use dansguardian instead of squid-guard but it seems that
> dansguardian is not compatible with tproxy !!===> seems as shook to me !
> ==================================================
>
> i have pumped only 1000 users with about 150-180 M only !!!!
> here is the log of squidguard !
> ==============
> 2013-02-24 06:25:32 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://surprises.tango.me/ts//assets/ayol_fairy_gingerbread_surprise_2-UI_VG_SELECTOR_PACK-android.zip
> 2013-02-24 06:25:38 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://ds.serving-sys.com/BurstingRes//Site-38682/Type-11/8986049_182e1c3c-0f89-4ee4-b991-0c98ef5d36d9.js
> 2013-02-24 06:25:45 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-ANIMATION_PACK-.zip
> 2013-02-24 06:25:46 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-UI_VG_SELECTOR_PACK-android.zip
> 2013-02-24 06:25:50 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://77.243.189.57/cdn.putlocker.com/r1KH3Z/aMY6kLQ9Y4nVxYoGofr/F778Rl7N1PtcjpnR72foOrRFQFTTOWnIjvwbKzKKLDpTC3nv4Kh/K+3FFomVqpbeDogNm0/cKEgcunONMTnmaPr7n//KF5/814INq/4yNylLOToeoy6OJKctncNXM2dS5HRPZcpOAmCNMA+O3NUW6S6DkghtNARxhxt4bEYRC7/f/g701W8M3Jmk59GYBDKY/HtvLMMpN59j17pg=/wrath.of.the.titans.2012_bae33_f43c0.flv
> 2013-02-24 06:26:01 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://images.bokra.net/bokra//03-02-2013/117x78/0Double-Team-1997-Dutch-Front-Cover-72004.jpg
> 2013-02-24 06:26:02 [17282] Warning: Possible bypass attempt. Found a
> trailing dot in the domain name:
> http://dnl-19.geo.kaspersky.com/index/../bases/wmuf/wmuf-0607g.xml.dif
> 2013-02-24 06:26:07 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://images.bokra.net/bokra//20-01-2013/117x78/013590551321.jpg
> 2013-02-24 06:26:11 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://images.bokra.net/bokra//24-02-2013/90x70/0157950561.jpg
> 2013-02-24 06:26:15 [17283] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://images.bokra.net/bokra//24-02-2013/152x125/VMP0original%20(4).jpg
> 2013-02-24 06:26:20 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.01.01.07
> 2013-02-24 06:26:21 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.01.55.06
> 2013-02-24 06:26:24 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.02.42.47
> 2013-02-24 06:26:25 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://rpc-php.trafficfactory.biz/tower-1xfooter-1/bf6b32919541f9227b4fceedb513d3e9/1//xvideos/display.js?v=0.010611487734062397
> 2013-02-24 06:26:31 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://213.171.205.238/rules///sc17.bin.incr.2013.02.23.21.01.08
> 2013-02-24 06:26:33 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://87.106.240.241/rules///sc17.bin.incr.2013.02.23.22.01.07
> 2013-02-24 06:26:34 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.04.01.06
> 2013-02-24 06:26:41 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.06.01.06
> 2013-02-24 06:26:49 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.10.01.08
> 2013-02-24 06:26:57 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.12.01.27
> 2013-02-24 06:26:58 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.15.01.07
> 2013-02-24 06:26:59 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://www.bokra.net/images//play_btn.png
> 2013-02-24 06:27:02 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://images.bokra.net/bokra//27-01-2013/139x96/03ala_mar_alzman.jpg
> 2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found a
> trailing dot in the domain name:
> http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
> 2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
> 2013-02-24 06:27:06 [17282] Warning: Possible bypass attempt. Found multiple
> slashes where only one is expected:
> http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.17.01.08
> 2013-02-24 06:27:07 [17282] Warning: Possible bypass attempt. Found a
> trailing dot in the domain name:
> http://www.google.ps/xjs/_/js/i/qi/rt=j/ver=TRRqyfYv7Gg.en_US./d=0/sv=1/rs=AItRSTORVFAb4tDIudEqfOL475VKj3yMmw
> ^Z
> [1]+ Stopped tailf /usr/local/squidGuard/log/squidGuard.log
> [root_at_squid ~]#
> ==============================
> here is a sample of cache.log file:
> {Accept: */*
> Content-Type: application/x-www-form-urlencoded
> 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
> */*
> Content-Type: application/x-www-form-urlencoded}
> NULL
> {Accept: */*
> Content-Type: application/x-www-form-urlencoded
> 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
> */*
> Content-Type: application/x-www-form-urlencoded}
> NULL
> {Accept: */*
> Content-Type: application/x-www-form-urlencoded
> 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
> */*
> Content-Type: application/x-www-form-urlencoded}
> NULL
> {Accept: */*
> Content-Type: application/x-www-form-urlencoded
> 2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
> */*
> Content-Type: application/x-www-form-urlencoded}
> NULL
> {Accept: */*
> Content-Type: application/x-www-form-urlencoded
> 2013/02/24 06:24:41| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:00| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:04| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:07| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:09| helperHandleRead: unexpected reply on channel 0 from
> redirector #1 ''
> 2013/02/24 06:25:09| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:11| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:11| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:21| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:23| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:28| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:35| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:36| clientProcessRequest: Invalid Request
> 2013/02/24 06:25:56| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:07| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:11| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:17| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:19| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:23| helperHandleRead: unexpected reply on channel 0 from
> redirector #1 ''
> 2013/02/24 06:26:29| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:32| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:34| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:36| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:38| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:40| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:52| clientProcessRequest: Invalid Request
> 2013/02/24 06:26:53| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:04| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:10| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:10| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:23| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:28| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:40| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:40| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:42| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:46| squidaio_queue_request: WARNING - Queue congestion
> 2013/02/24 06:27:51| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:57| clientProcessRequest: Invalid Request
> 2013/02/24 06:27:59| statusIfComplete: Request not yet fully sent "POST
> http://cr.torchbrowser.com/"
> 2013/02/24 06:28:08| clientProcessRequest: Invalid Request
> 2013/02/24 06:28:12| clientProcessRequest: Invalid Request
> 2013/02/24 06:28:15| clientProcessRequest: Invalid Request
> 2013/02/24 06:28:18| clientProcessRequest: Invalid Request
> 2013/02/24 06:28:24| clientProcessRequest: Invalid Request
> 2013/02/24 06:28:25| clientProcessRequest: Invalid Request
> 2013/02/24 06:28:27| clientProcessRequest: Invalid Request
> ==============================================
> here is the config file after all modifications :
> [root_at_squid dansguardian-2.12.0.3]# cat /etc/squid/squid.conf
> # squid Config By "xxx" "xxx
> ###################
> acl all src all
> acl manager proto cache_object
> acl localnet src 192.168.1.0/24 z.z.0.0/16 z.z.0.0/16
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 590 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> ################################
> visible_hostname squid
> coredump_dir /var/spool/squid
> ####squidguard###################
> redirect_program /usr/local/bin/squidGuard -c
> /usr/local/squidGuard/squidGuard.conf
> redirector_bypass on
> url_rewrite_children 200
> cache_effective_user squid
> cache_effective_group squid
> ##############################
> #Recommended minimum configuration:
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access allow localnet
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> # And finally deny all other access to this proxy
> http_access deny all
> #Allow ICP queries from everyone
> icp_access allow all
> #######################################
> access_log /var/log/squid/access.log
> cache_dir aufs /cache1 500000 32 256
> cache_dir aufs /cache2 500000 32 256
> cache_dir aufs /cache3 500000 32 256
> cache_mem 20000 MB
> ##########################
> http_port 127.0.0.1:3128
> http_port x.x.x:65000
> http_port 3128
> http_port 3129 tproxy
> ########### Performance Related Config:
> relaxed_header_parser on
> vary_ignore_expire on
> ##########################################
> memory_replacement_policy heap GDSF
> cache_replacement_policy heap LFUDA
> ###########################################
> ipcache_size 2048
> ipcache_low 98
> ipcache_high 99
> memory_pools off
> pipeline_prefetch on
> ############################################
> httpd_suppress_version_string on
> server_persistent_connections on
> client_persistent_connections on
> pconn_timeout 2 minutes
> persistent_request_timeout 1 minute
> ###########################################
> ########### WCCP2 Config#############
> wccp2_router x.x.x.x
> wccp_version 2
> wccp2_forwarding_method 2
> wccp2_return_method 2
> #wccp2_assignment_method mask
> wccp2_service dynamic 80
> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
> wccp2_service dynamic 90
> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
> priority=240 ports=80
> ##########################################
> ###########################################
> #default option
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> #################################################
> forwarded_for on
> max_filedescriptors 65536
> max_open_disk_fds 65536
> relaxed_header_parser on
> reload_into_ims on
> client_lifetime 15 minutes
> read_timeout 5 minutes
> request_timeout 1 minutes
> ie_refresh on
> ignore_expect_100 on
> vary_ignore_expire on
> ###############################
> ################################
> httpd_suppress_version_string on
> server_persistent_connections on
> client_persistent_connections on
> pconn_timeout 2 minutes
> persistent_request_timeout 1 minute
> shutdown_lifetime 20 seconds
> #############################
> cache_swap_low 98
> cache_swap_high 99
> cache_replacement_policy heap LFUDA
> minimum_object_size 0
> maximum_object_size 130 MB
> ###############################
>
> wish the outputs above , help to solve the problem of squid-guard bypassing
>
> with my best regards..
>
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/slow-browsing-in-centos-6-3-with-squid-3-tp4658635p4658675.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
>
>
Received on Sun Feb 24 2013 - 18:18:59 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 25 2013 - 12:00:04 MST