Re: [squid-users] squid consuming too much processor/cpu from Muhammad Sharfuddin on 2010-03-22 (squid-users)

From: Muhammad Sharfuddin <m.sharfuddin_at_nds.com.pk>
Date: Mon, 22 Mar 2010 11:38:42 +0500

On Mon, 2010-03-22 at 19:27 +1300, Amos Jeffries wrote:
> >
> > Thanks list for help.
> >
> > restarting squid is not a solution, I noticed only after 20 minutes
> > after restarting, squid started consuming/eating CPU again.
> >
> > On Wed, 2010-03-17 at 19:54 +1100, Ivan . wrote:
> >> you might want to check out this thread
> >> http://www.mail-archive.com/squid-users@squid-cache.org/msg56216.html
> > Neither I installed any package.. i.e not checked
> >
> > On Wed, 2010-03-17 at 05:27 -0700, George Herbert wrote:
> >> or install the Google malloc library and recompile Squid to
> >> use it instead of default gcc malloc.
> >
> > On Wed, 2010-03-17 at 15:01 +0200, Henrik K wrote:
> >> If the system regex is issue, wouldn't it be better/simpler to just
> >> compile
> >> with PCRE? (LDFLAGS="-lpcreposix -lpcre"). It doesn't leak and as a bonus
> >> makes your REs faster.
> > Nor I re-compiled Squid, as I have to use binary/rpm version of squid
> > that shipped with the Distro I am using
> >
> > issue resolved via removing acl that blocked almost 60K urls/domains
> >
> > commenting following worked
> > ##acl porn_deny url_regex "/etc/squid/domains.deny"
> > ##http_access deny porn_deny
> >
> > so how can I deny illegal contents/website ?
> >
>
> If those were actually domain names...
they are both urls and domain

> * use "dstdomain" type instead of regex.
ok nice suggestion

> Optimize order of ACLs so do most rejections as soon as possible with
> fastest match types.
I think its optimized, as the rule(squeezing cpu) is the first rule in
squid.conf
>
> If you don't mind sharing your squid.conf access lines we can work
> through optimizing with you.
I posted squid.conf when I start this thread/topic, but I have no issue
posting it again ;)

squid.conf:
acl myFTP port 20 21
acl ftp_ipes src "/etc/squid/ftp_ipes.txt"
http_access allow ftp_ipes myFTP
http_access deny myFTP

#### this is the acl eating CPU #####
acl porn_deny url_regex "/etc/squid/domains.deny"
http_access deny porn_deny
###############################

acl vip src "/etc/squid/vip_ipes.txt"
http_access allow vip

acl entweb url_regex "/etc/squid/entwebsites.txt"
http_access deny entweb

acl mynet src "/etc/squid/allowed_ipes.txt"
http_access allow mynet

>
> Amos

-- 
Regards
Muhammad Sharfuddin | NDS Technologies Pvt Ltd | +92-333-2144823
Novice: name a single major diff b/w Redhat and SUSE
GURU:   One is Red and the other one is Green

Received on Mon Mar 22 2010 - 06:38:47 MDT

This archive was generated by hypermail 2.2.0 : Mon Mar 22 2010 - 12:00:05 MDT