Henrik Nordstrom ha scritto:
>On Wed, 7 Jan 2004, Giulio Cervera wrote:
>
>
>
>>this is the full acl, i have also attached the full config
>>
>>
>
>Try using half_closed_clients off
>
>Regards
>Henrik
>
>
ops ...
sorry ...
I made a cut & paste mistake, I need more holiday :(
the previous msg was missing some parts of the config
this is the full one (verified), and half_closed_clients is already off
do you think this acl is too big for our target ( ~200 Reqs/sec ) ?
thanks and sorry again
# Listening ports: 8080 for proxy requests, 3130 for ICP queries from peers.
http_port 8080
icp_port 3130
# Peers: two parents (no ICP, port 0 + no-query) and three siblings queried
# over ICP on 3130. proxy-only means objects fetched via a peer are not
# stored locally. The fourth sibling is commented out.
# NOTE(review): the bare "no-digest" lines look like mail-client wraps of the
# cache_peer line above each of them; confirm against the real squid.conf.
cache_peer 194.218.2.8 parent 8080 0 proxy-only no-query
no-digest
cache_peer 194.218.2.20 parent 8080 0 proxy-only no-query
no-digest
cache_peer 10.253.16.1 sibling 8080 3130 proxy-only
cache_peer 10.253.16.2 sibling 8080 3130 proxy-only
cache_peer 10.253.16.3 sibling 8080 3130 proxy-only
#cache_peer 10.253.16.4 sibling 8080 3130 proxy-only
# URLs containing cgi-bin or "?" are fetched without asking peers and are
# never cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Memory and disk cache sizing and replacement policies.
cache_mem 64 MB
cache_swap_low 85
cache_swap_high 90
maximum_object_size 65536 KB
maximum_object_size_in_memory 24 KB
ipcache_size 2048
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# Three diskd cache directories of 28000 MB each.
cache_dir diskd /var/cache/spool/0 28000 96 256 Q1=72 Q2=64
cache_dir diskd /var/cache/spool/1 28000 96 256 Q1=72 Q2=64
cache_dir diskd /var/cache/spool/2 28000 96 256 Q1=72 Q2=64
# Logging: access.log and cache.log are kept, the store log is disabled.
# access.log is the record to rely on when investigating proxy misuse.
cache_access_log /var/cache/log/access.log
cache_log /var/cache/log/cache.log
cache_store_log none
log_ip_on_direct on
pid_filename /var/cache/run/cache.pid
# Password string sent for anonymous FTP logins.
ftp_user proxy@rupa.it
# DNS behaviour: 1 minute lookup timeout, /etc/hosts-style file not consulted.
dns_timeout 1 minutes
hosts_file none
# Freshness rules per URL scheme; the last line is the catch-all.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
positive_dns_ttl 1 hours
range_offset_limit 0 KB
read_timeout 10 minutes
# The setting suggested in the quoted reply; it is already off here.
half_closed_clients off
# ACL definitions. These only name sets of sources, destinations, ports and
# URL patterns; the http_access / icp_access / snmp_access rules decide what
# is done with them.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# NOTE(review): SSL_ports is defined but no rule in this config references
# it, so CONNECT is limited only by Safe_ports and the Tunnel_* rule.
acl SSL_ports port 443
acl Tunnel_ports port 443-499
acl Tunnel_no_src src 10.253.0.0/16
acl Tunnel_method method CONNECT
# Destination ports the proxy will connect to; anything else is refused by
# "http_access deny !Safe_ports". The 1025-65535 range makes this set wide.
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http 2
acl Safe_ports port 21 # ftp
acl Safe_ports port 443-499 # https
acl Safe_ports port 1025-65535 # unregistered ports
# Client source ranges: the three RFC 1918 blocks plus 194.218.0.0/19.
acl clients src 10.0.0.0/8
acl clients src 172.16.0.0/12
acl clients src 192.168.0.0/16
acl clients src 194.218.0.0/19
acl locallan dst 10.253.0.0/16
acl locallan dst 194.218.2.0/23
acl proxylan dst 10.253.16.0/27
# Sibling caches trusted by source address alone.
# NOTE(review): 10.253.16.4 is still listed here although its cache_peer
# line is commented out; drop it if that sibling is retired.
acl allowed_peer src 10.253.16.1
acl allowed_peer src 10.253.16.2
acl allowed_peer src 10.253.16.3
acl allowed_peer src 10.253.16.4
# NOTE(review): url_regex is matched against the whole URL and this pattern
# is not anchored to the host part, so ".public.rupa.it" appearing in the
# path or query of some other host also matches. A dstdomain ACL would tie
# the match to the hostname.
acl siteallow_url url_regex -i ^.{3,4}://.*\.public\.rupa\.it
acl siteallow_dst dst 194.218.2.160/27
acl siteallow_dst dst 10.253.64.0/24
acl siteallow_dst dst 10.253.16.0/27
# Worm request signatures (names per the inline comments): .ida/.idq with a
# query string of 100+ characters, and /readme.eml|nws|exe paths.
acl dangurl urlpath_regex -i \.id[aq]\?.{100,} # CodeRED
acl dangurl urlpath_regex -i /readme\.(eml|nws|exe) # NIMDA
acl mgmtlan src 10.253.0.0/23
acl FTP proto FTP
acl SITIRUPA dst 194.218.0.0/19
acl SITIRUPA dst 10.0.0.0/8
acl SITIRUPA dst 172.16.0.0/16
acl LLPPProxy src 10.136.1.206
acl LLPPsicoge dst 194.218.14.15
#SNMP ACL
acl SNMPallow src 127.0.0.1/32
acl SNMPallow src 10.253.0.0/16
# NOTE(review): the community string acts as the shared secret for the SNMP
# agent. Once a config is posted to a public list it should be treated as
# disclosed and changed; redact it in future postings.
acl snmppublic snmp_community edsaipa
# http_access rules are checked top to bottom; the first matching line
# decides the request.
# NOTE(review): because this allow comes first, requests from allowed_peer
# source addresses skip every check below it (manager, to_localhost,
# Safe_ports, dangurl). Moving it below the deny rules keeps those checks
# in force for sibling traffic as well.
http_access allow allowed_peer
# Cache manager (cache_object) only from localhost and the management LAN.
http_access allow manager localhost
http_access allow manager mgmtlan
http_access deny manager
http_access deny to_localhost
http_access deny !Safe_ports
http_access deny dangurl
# CONNECT from 10.253.0.0/16 is refused unless the port is in 443-499.
# NOTE(review): CONNECT from every other source is limited only by
# Safe_ports, which includes 1025-65535. A rule such as
# "http_access deny Tunnel_method !SSL_ports" (or !Tunnel_ports) without a
# src condition would restrict tunnels for all clients.
http_access deny Tunnel_method Tunnel_no_src !Tunnel_ports
# NOTE(review): these two allows carry no src condition, so they apply to
# any address that can reach port 8080, before "allow clients" is evaluated.
# Confirm that is intended, and see the anchoring of siteallow_url.
http_access allow siteallow_url
http_access allow siteallow_dst
http_access deny locallan
# 194.218.14.15 is reachable only from 10.136.1.206.
http_access allow LLPPsicoge LLPPProxy
http_access deny LLPPsicoge
http_access allow clients
http_access deny all
http_reply_access allow all
# ICP queries are answered only for the allowed_peer addresses.
icp_access allow allowed_peer
icp_access deny all
# Which requests may be forwarded to each peer.
# NOTE(review): 194.218.2.8 has one allow line and no explicit deny; Squid
# applies the opposite of the last rule to unmatched requests, so an
# explicit "deny all" would make the intent visible.
cache_peer_access 194.218.2.8 allow FTP
cache_peer_access 194.218.2.20 allow SITIRUPA
cache_peer_access 194.218.2.20 deny all
# Siblings get everything except SITIRUPA destinations.
cache_peer_access 10.253.16.1 deny SITIRUPA
cache_peer_access 10.253.16.1 allow all
cache_peer_access 10.253.16.2 deny SITIRUPA
cache_peer_access 10.253.16.2 allow all
cache_peer_access 10.253.16.3 deny SITIRUPA
cache_peer_access 10.253.16.3 allow all
cache_mgr unix@edspa.it
visible_hostname caspy008.cgi.rupa.it
# NOTE(review): 0 means Squid keeps no rotated copies itself; presumably
# rotation and retention of access.log are handled externally - confirm.
logfile_rotate 0
memory_pools_limit 50 MB
store_avg_object_size 25 KB
# Per-client statistics are disabled.
client_db off
buffered_logs off
# Only proxylan destinations are always fetched directly; SITIRUPA
# destinations must go through a peer.
always_direct allow proxylan
always_direct deny FTP
always_direct deny SITIRUPA
always_direct deny all
never_direct deny proxylan
never_direct allow SITIRUPA
# SNMP agent on 3401: a query must match both the community string and an
# SNMPallow source address.
snmp_port 3401
snmp_access allow snmppublic SNMPallow
snmp_access deny all
coredump_dir /var/cache
# NOTE(review): "off" makes Squid accept DNS replies from addresses it did
# not send the query to (the default "on" ignores them). Confirm this is
# really required, since it weakens protection against spoofed replies.
ignore_unknown_nameservers off
digest_rebuild_period 15 minute
digest_rewrite_period 15 minute
-- *Giulio Cervera* EDS PA SpA Via Atanasio Soldati 80 00155 Roma (Italy) tel: +39 06 22739 270 fax: +39 06 22739 233 e-mail: giulio.cervera@edspa.it <mailto:giulio.cervera@edspa.it>Received on Thu Jan 08 2004 - 03:26:37 MST