Squid lento - discuss-es

31 Jul 2013


      Buenas Lista:
Les comento que hace algunos dias, instale un nuevo  servidor en Centos 6.4 .  la cuestion es que el SQUID anda muy  lento.Pense que era mi  linea , pero conectado una maquina directo  al  router es rapidisimo, pero  si lo pongo detras del proxy  la pagina se demora antes de cargar unos 7 a 8 Segundos.
copio  mi squid.: en pastebin (http://pastebin.com/Gk5UVYgP)
··············································acl manager proto cache_objectacl localhost src 127.0.0.1/32 ::1acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.# Adapt to list your (internal) IP networks from where browsing# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal networkacl localnet src 172.16.0.0/12  # RFC1918 possible internal networkacl localnet src 192.168.0.0/16 # RFC1918 possible internal networkacl localnet src fc00::/7       # RFC 4193 local private network rangeacl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines#################################################################################INTERNET POR HORAS#######################
acl H_ADMIN time SMTWHFA 13:00-14:00acl H_UPDATE time  SMTWHFA 13:00-14:00acl E_HORA  time  SMTWHFA  17:30-20:00acl CONNECT method CONNECT
###################################################PAGINAS ADMITIDAS HORAS TRABAJO############
acl L_ADMIN url_regex "/etc/squid/pag_personal"acl P_ADMIN url_regex "/etc/squid/pag_personalPAMPA"##############################################acl restringido url_regex "/etc/squid/restringido.acl"acl restringidoadmin url_regex "/etc/squid/restringidoadmin.acl"acl EXTENSION1 urlpath_regex -i .dll$acl EXTENSION2 urlpath_regex -i .exe$.mp3$.mov$.mpeg$.ppt$.pps$.wms$acl badsites dstdomain .facebook.comacl skype_url url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
acl ACT url_regex "/etc/squid/pag_actualizacion"
acl DIRECTORES src "/etc/squid/direccion.acl"acl ADMIN       src "/etc/squid/administrativos.acl"acl UPADMIN     src "/etc/squid/upadmin.acl"acl JEFATURALPAMPA src "/etc/squid/jefaturalpampa.acl"acl PAMPA       src "/etc/squid/adminpampa.acl"acl UPDATE      url_regex  "/etc/squid/update.acl"acl SININTERNET src "/etc/squid/negados.acl"###############################################
#acl SSL_ports port 443acl Safe_ports port 80          # httpacl Safe_ports port 21          # ftpacl Safe_ports port 443         # httpsacl Safe_ports port 70          # gopheracl Safe_ports port 210         # waisacl Safe_ports port 1025-65535  # unregistered portsacl Safe_ports port 280         # http-mgmtacl Safe_ports port 488         # gss-httpacl Safe_ports port 591         # filemakeracl Safe_ports port 777         # multiling http
#http_reply_access deny badsites JEFATURALPAMPA## Recommended minimum Access Permission configuration:## Only allow cachemgr access from localhosthttp_access allow manager localhost#http_access deny block-fnes
#http_access allow all
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports#http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent# web applications running on the proxy server who think the only# one who can access services on "localhost" is a local user#http_access deny to_localhost
## INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS#
# Example rule allowing access from your local networks.# Adapt localnet in the ACL section to list your (internal) IP networks# from where browsing should be allowed
http_access allow localhosthttp_access allow DIRECTORES !ACThttp_access allow UPADMIN !restringidoadmin !EXTENSION1 !EXTENSION2http_access allow JEFATURALPAMPA !restringido !EXTENSION1 !EXTENSION2http_access allow ADMIN L_ADMIN !restringidoadmin  !EXTENSION1 !EXTENSION2http_access allow H_ADMIN ADMINhttp_access allow H_UPDATE ADMIN UPDATE !restringido !EXTENSION1 !EXTENSION2http_access allow SININTERNET UPDATEhttp_access allow PAMPA P_ADMIN !restringidoadmin !restringido !EXTENSION1 !EXTENSION2http_access allow H_ADMIN PAMPAhttp_access allow H_ADMIN JEFATURALPAMPAhttp_access allow E_HORA PAMPAhttp_access allow H_ADMIN JEFATURALPAMPAhttp_access deny badsites JEFATURALPAMPAhttp_access deny  badsiteshttp_access deny CONNECT badsites JEFATURALPAMPA
# And finally deny all other access to this proxy#http_access deny CONNECT skype_urlhttp_access deny all
# Squid normally listens to port 3128#http_port  3128 transparent#http_port  3128http_port 3128 intercept
# We recommend you to use at least the following line.hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.cache_dir ufs /var/spool/squid 10000 16 256#cache_dir aufs /var/spool/squid 1000 16 256
# Leave coredumps in the first cache dircoredump_dir /var/spool/squid####query_icmp on
#query_icmp on
############
# Add any of your own refresh_pattern entries above these
refresh_pattern -i .(html|htm|html?|htm?)$ 9440 90% 100000 override-expire reload-into-ims#refresh_pattern -i .(gif|png|jpg|jpeg|ico|bmp|tiff|webp|bif|gif?|png?|jpg?|jpeg?|ico?|bmp?|tiff?|webp?|bif?)$ 36000 90% 100000 override-expire reload-into-ims ignore-reloadrefresh_pattern .(swf|swf?|js|js?|wav|css|css?|class|dat|zsci)$ 36000 90% 100000 override-expire reload-into-imsrefresh_pattern -i .(bin|deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff|pdf|uxx|gz|xls|xlsx|psd|crl|msi|dll|dll?|crx|enc|skl|arc)$ 36000 90% 100000 override-expire override-lastmod reload-into-ims ignore-reloadrefresh_pattern -i .(xml)$ 0 90% 100000refresh_pattern -i .(json|json?)$ 1440 90% 5760 override-expire reload-into-imsrefresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern ^ftp:           1440    20%     10080refresh_pattern ^gopher:        1440    0%      1440refresh_pattern -i (/cgi-bin/|?) 0     0%      0refresh_pattern .               0       20%     4320#####################ignore_expect_100 onlog_icp_queries offminimum_object_size 0 KBbuffered_logs onpipeline_prefetch oncache_effective_user squidcache_effective_group squid###############maximum_object_size 250 MBmaximum_object_size_in_memory 1 MBvisible_hostname shadowunique_hostname shadow-DHS#client_db off#cache_store_log nonepositive_dns_ttl 16 day#shutdown_lifetime 0 secondcache_mem 1024 MBcache_swap_low 90cache_swap_high 95ipcache_size 8192fqdncache_size 8192######################visible_hostname mailforwarded_for onie_refresh ondns_nameservers 200.62.191.11 200.62.191.12dns_defnames off
######################
request_header_max_size 256 KBmemory_replacement_policy heap GDSFcache_replacement_policy heap LRUmemory_pools offquick_abort_min 0 KBquick_abort_max 0 KBbuffered_logs onread_ahead_gap 1 MB#access_log nonehalf_closed_clients off
······································
Gracias por la ayuda.
Luis Roman