<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
So, folks,<br>
<br>
This client is the one that complains the most, but I notice some
slowness at the others as well.<br>
<br>
The standard setup is CentOS 7 with the repository version 3.3.8; the
server has 4 GB of memory, a conventional hard disk, and 45 machines
connected to it.<br>
<br>
I saw in a post that the number of connections has to be increased
because CentOS limits it. Can anyone tell me whether that is really
necessary?<br>
<br>
Today I use 3 groups: group 1 free / group 2 restricted / group 3
blocked (group 1 everything allowed / group 2 everything allowed except
the blacklist / group 3 everything locked down, allowing only the
whitelist).<br>
<br>
I will post it here so you can see the size of my Squid configuration.
I believe there is a lot in it that is not needed; if you could take a
look and give me some tips so we can improve it, I would be very
grateful.<br>
<br>
# user that will run squid<br>
cache_effective_user squid<br>
## Squid normally listens on port 3128<br>
http_port 8080<br>
hierarchy_stoplist cgi-bin ?<br>
error_directory /usr/share/squid/errors/pt-br<br>
#we recommend these two lines.<br>
acl QUERY urlpath_regex cgi-bin \?<br>
cache deny QUERY<br>
# make the ETag signal respond correctly on Apache<br>
acl apache rep_header Server ^Apache<br>
#Default:<br>
cache_mem 2048 MB<br>
#changes the performance of pipelined (parallel) connections<br>
pipeline_prefetch on<br>
##maximum_object_size_in_memory 128 KB<br>
##maximum_object_size 4096 kb<br>
##minimum_object_size 0 kb<br>
##cache_swap_low 90<br>
##cache_swap_high 95<br>
##cache_dir ufs /cache 10000 128 256<br>
##cache_replacement_policy heap LFUDA<br>
##memory_replacement_policy heap GDSF<br>
##store_dir_select_algorithm least-load<br>
access_log /var/log/squid/access.log squid<br>
##cache_log /var/log/squid/cache.log<br>
##cache_store_log /var/log/squid/store.log<br>
pid_filename /var/run/squid.pid<br>
auth_param ntlm program /usr/bin/ntlm_auth XXXXX.LOCAL/samba
--helper-protocol=squid-2.5-ntlmssp<br>
auth_param ntlm children 20<br>
auth_param ntlm keep_alive off<br>
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b
"dc=XXXXX,dc=local" -D "cn=squid,ou=Users,dc=XXXXX,dc=local" -w
"Mudar2016" -f sAMAccountName=%s -h &lt;XXX.XX.XX.4 lx-server&gt;<br>
auth_param basic children 5<br>
auth_param basic realm Senha da Internet<br>
auth_param basic credentialsttl 2 hours<br>
#EXTERNAL ACLS FOR AUTHENTICATION AGAINST THE PDC LDAP BASES<br>
external_acl_type NT_group %LOGIN
/usr/lib64/squid/ext_wbinfo_group_acl<br>
<br>
#default suggestion:<br>
<br>
refresh_pattern ^ftp: 1440 20% 10080<br>
refresh_pattern ^gopher: 1440 0% 1440<br>
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>
refresh_pattern . 0 20% 4320<br>
#minimum configuration:<br>
acl rede_local src fc00::/7 # RFC 4193 local private network range<br>
acl rede_local src fe80::/10 # RFC 4291 link-local (directly
plugged) machines<br>
acl SSL_ports port 443<br>
acl SSL_ports port 1863<br>
acl Safe_ports port 81 #http<br>
acl Safe_ports port 1863<br>
acl Safe_ports port 80 # http<br>
acl Safe_ports port 21 # ftp<br>
acl Safe_ports port 443 # https<br>
acl Safe_ports port 70 # gopher<br>
acl Safe_ports port 210 # wais<br>
acl Safe_ports port 1025-65535 # unregistered ports<br>
acl Safe_ports port 280 # http-mgmt<br>
acl Safe_ports port 488 # gss-http<br>
acl Safe_ports port 591 # filemaker<br>
acl Safe_ports port 777 # multiling http<br>
acl safe_ports port 1025-65535 #unregistered ports<br>
acl safe_ports port 8081 #tracking<br>
acl purge method PURGE<br>
acl CONNECT method CONNECT<br>
acl autenticacao proxy_auth REQUIRED src XXX.XX.XX.0/24<br>
acl grupo_livre external NT_group grp-int-livre<br>
acl grupo_restrito external NT_group grp-int-rest<br>
acl grupo_bloqueado external NT_group grp-int-bloq<br>
acl sites_proibidos dstdomain -i
"/root/gerencia/squid/sites_proibidos"<br>
acl sites_permitidos dstdomain -i
"/root/gerencia/squid/sites_permitidos"<br>
acl sites_eroticos url_regex -i
"/root/gerencia/squid/sites_eroticos"<br>
acl palavras_proibidas url_regex -i
"/root/gerencia/squid/palavras_proibidas"<br>
acl Browsers browser "/root/gerencia/squid/browsers"<br>
acl sites_webproxy dstdomain -i
"/root/gerencia/squid/sites_webproxy"<br>
acl Mimes_req req_mime_type -i
"/root/gerencia/squid/mimes_proibidos"<br>
acl Mimes_rep rep_mime_type -i
"/root/gerencia/squid/mimes_proibidos"<br>
<br>
###############################################################<br>
# ALLOW JAVA<br>
# Java does not work with NTLM authentication<br>
###############################################################<br>
<br>
acl java browser Java<br>
http_access allow java<br>
<br>
###############################################################<br>
# ALLOW iTUNES without authentication<br>
###############################################################<br>
<br>
acl itunes dstdomain -i .apple.com<br>
http_access allow iTUNES<br>
###############################################################<br>
# ALLOW GMAIL without authentication<br>
###############################################################<br>
<br>
acl google dstdomain -i .google.com<br>
acl gstatic dstdomain -i .gstatic.com<br>
http_access allow google<br>
http_access allow gstatic<br>
<br>
###############################################################<br>
###############################################################<br>
# ALLOW ITAU<br>
###############################################################<br>
<br>
acl Itau dstdomain -i itau.com.br<br>
http_access allow CONNECT Itau<br>
<br>
################################################################<br>
## Allow sites without authentication<br>
################################################################<br>
<br>
acl Sites_UnAuth dstdomain -i "/root/gerencia/squid/sites_unauth"<br>
http_access allow Sites_UnAuth<br>
<br>
#################################################################<br>
## Block / allow browsing with an IP in the URL<br>
#################################################################<br>
<br>
acl Deny_URL_IP dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+<br>
acl Libera_URL_IP dstdomain "/root/gerencia/squid/libera_url_ip"<br>
<br>
# only allow cachemgr access from localhost<br>
http_access allow manager localhost<br>
http_access deny manager<br>
http_access allow purge localhost<br>
http_access deny purge<br>
<br>
# Deny requests to unknown ports<br>
http_access deny !Safe_ports<br>
<br>
# Deny CONNECT to anything other than SSL ports<br>
http_access deny CONNECT !SSL_ports<br>
<br>
# Put your rules here<br>
http_access allow grupo_livre<br>
http_access deny Browsers<br>
# ACL FOR THE RESTRICTED GROUP<br>
http_access deny sites_proibidos !sites_permitidos<br>
http_access deny sites_eroticos<br>
http_access deny sites_webproxy<br>
http_access deny palavras_proibidas<br>
http_access deny Deny_URL_IP !Libera_URL_IP<br>
http_reply_access deny Mimes_req<br>
http_reply_access deny Mimes_rep<br>
#http_access deny extban<br>
http_access allow grupo_restrito<br>
<br>
#ACL FOR THE BLOCKED GROUP<br>
http_access deny all !sites_permitidos<br>
http_access allow grupo_bloqueado<br>
http_access allow autenticacao<br>
<br>
#And finally deny all other attempts to access this proxy<br>
http_access allow localhost<br>
http_access deny all<br>
http_reply_access allow all<br>
<br>
#Allow ICP queries from anyone<br>
icp_access allow all<br>
visible_hostname proxy<br>
<br>
#directory where the cache files are<br>
coredump_dir /cache<br>
<br>
#DNS servers used by squid<br>
dns_nameservers XXX.XX.XX.4<br>
#dns_nameservers 8.8.8.8<br>
#dns_nameservers 8.8.4.4<br>
<br>
###############################################################################<br>
#<br>
# ADMINISTRATIVE PARAMETERS<br>
#<br>
###############################################################################<br>
<br>
cache_mgr <a class="moz-txt-link-abbreviated" href="mailto:suporte@XXXXX.com.br">suporte@XXXXX.com.br</a><br>
mail_from <a class="moz-txt-link-abbreviated" href="mailto:suporte@XXXXX.com.br">suporte@XXXXX.com.br</a><br>
mail_program mail<br>
<br>
###############################################################################<br>
#<br>
# ERROR PAGE OPTIONS<br>
#<br>
###############################################################################<br>
<br>
error_directory /usr/share/squid/errors/pt-br<br>
err_page_stylesheet /etc/squid/errorpage.css<br>
err_html_text <a class="moz-txt-link-freetext" href="mailto:gabriel@XXXXX.com.br">mailto:gabriel@XXXXX.com.br</a><br>
<br>
<br>
<br>
Best regards,<br>
<br>
Gabriel Franca<br>
<br>
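An added illustration, not part of the original message and not Squid code: a small Python model of how Squid's first-match http_access evaluation applies the three-group rules in the configuration posted above. Only the rule order and ACL names come from the post; the list contents and sample requests are constructed assumptions.<br>

```python
# Added example: simplified model of Squid's first-match http_access evaluation.
# Rule order and ACL names follow the posted squid.conf; the list contents
# below are constructed placeholders, not the poster's real files.

SITES_PROIBIDOS = {"blocked.example"}      # constructed blacklist entry
SITES_PERMITIDOS = {"intranet.example"}    # constructed whitelist entry

def in_list(host, domains):
    """dstdomain-style match: the listed domain itself or any subdomain."""
    return any(host == d or host.endswith("." + d) for d in domains)

# Each ACL is a predicate over a request dict {"group": ..., "host": ...}.
ACLS = {
    "grupo_livre": lambda r: r["group"] == "grp-int-livre",
    "grupo_restrito": lambda r: r["group"] == "grp-int-rest",
    "grupo_bloqueado": lambda r: r["group"] == "grp-int-bloq",
    "sites_proibidos": lambda r: in_list(r["host"], SITES_PROIBIDOS),
    "sites_permitidos": lambda r: in_list(r["host"], SITES_PERMITIDOS),
    "all": lambda r: True,
}

# Subset of the posted http_access lines, kept in the same order.
RULES = """
http_access allow grupo_livre
http_access deny sites_proibidos !sites_permitidos
http_access allow grupo_restrito
http_access deny all !sites_permitidos
http_access allow grupo_bloqueado
http_access deny all
"""

def parse_rules(text):
    """Turn 'http_access ACTION acl [acl ...]' lines into (action, acls)."""
    rules = []
    for line in text.strip().splitlines():
        _, action, *acls = line.split()
        rules.append((action, acls))
    return rules

def evaluate(request, rules):
    """ACLs on one line are ANDed, '!' negates an ACL, and the first line
    whose ACLs all match decides. Returns (action, matched ACL text)."""
    for action, acls in rules:
        if all(ACLS[a.lstrip("!")](request) != a.startswith("!") for a in acls):
            return action, " ".join(acls)
    return "deny", "(no rule matched)"  # unreachable: list ends in 'deny all'

POLICY = parse_rules(RULES)
```

Because the first matching line wins, moving an allow or deny line changes who it applies to; the matched-ACL text returned by evaluate shows which line decided each request.<br>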
<br>
<br>
<div class="moz-cite-prefix">On 22/02/2016 20:50, Rodrigo Maia
wrote:<br>
</div>
<blockquote
cite="mid:CAC-YYqP4U_oUt7-OX=QbAty4QBSe1ZB0DpHSGoMGGaBWFfNmaA@mail.gmail.com"
type="cite">
<p dir="ltr">Is it a single client or several? If it is a single one,
check the passive network components. Squid has a rule for when the
cache repository is created. Another useful thing is to declare the
DNS servers through Squid's own directives in its conf file. </p>
<p dir="ltr">Sorry for the style; posted from my phone and in class.
Good luck! <br>
</p>
<div class="gmail_quote">On Feb 22, 2016 4:53 PM, "Greyson Farias"
&lt;<a moz-do-not-send="true"
href="mailto:greysonsilva@gmail.com">greysonsilva@gmail.com</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">It is a good idea to review the Squid configuration.
Some ACL may be causing the slowness. Monitoring with IOTOP to
check whether it is something on the hard disk, and checking
CPU usage with HTOP, is also
recommended.<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr"><b>Greyson Farias da Silva</b><br>
Network Operations Technician - CREA/AC 9329TD<br>
I prefer to receive documents in <a
moz-do-not-send="true"
href="http://pt.wikipedia.org/wiki/OpenDocument"
target="_blank">ODF</a>.<br>
<a moz-do-not-send="true"
href="http://about.me/greysonfarias" target="_blank">http://about.me/greysonfarias</a><br>
<img moz-do-not-send="true"
src="https://dl.dropboxusercontent.com/u/13031328/tux_greyson.png"
height="96" width="96"><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 22 February 2016 at 14:46,
Gabriel O. Franca <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:gabriel.franca@gmail.com" target="_blank">gabriel.franca@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Good
afternoon, everyone.<br>
<br>
I have a client complaining about slowness on the proxy.<br>
<br>
I am using CentOS 7, and Squid is the one from the default
repository.<br>
<br>
In some cases the client complains and, since there is no
excessive link usage, I go there and restart Squid, and
access goes back to normal.<br>
<br>
Has anyone been through this?<br>
<br>
Best regards,<br>
<br>
Gabriel Franca<br>
_______________________________________________<br>
CentOS-pt-br mailing list<br>
<a moz-do-not-send="true"
href="mailto:CentOS-pt-br@centos.org" target="_blank">CentOS-pt-br@centos.org</a><br>
<a moz-do-not-send="true"
href="https://lists.centos.org/mailman/listinfo/centos-pt-br"
rel="noreferrer" target="_blank">https://lists.centos.org/mailman/listinfo/centos-pt-br</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</blockquote>
<br>
</body>
</html>