[squid-users] squid stops responding after N number of connections

Hi All,

I have a setup with c-icap, squid, dansguardian running on freebsd8.1

Everytime once the number of connections to squid crosses 410, it just
stops responding or page loading time become extremely slow.

squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly
plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

acl blocked_sites url_regex -i "/usr/local/etc/squid_banned.txt"
http_access deny blocked_sites

acl blocked_domains dstdomain "/usr/local/etc/squid_banned2.txt"
http_access deny blocked_domains

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

icap_enable          on
icap_preview_enable  on
icap_preview_size    -1

icap_send_client_ip  on

icap_service service_req reqmod_precache bypass=0
icap://127.0.0.1:1344/srv_clamav
icap_service service_resp respmod_precache bypass=0
icap://127.0.0.1:1344/srv_clamav
adaptation_service_set class_antivirus service_req service_resp

acl microsoft dstdomain .windowsupdate.com .microsoft.com

adaptation_access service_req deny microsoft

adaptation_access service_resp deny microsoft

acl microsoft3 dstdomain java.com
adaptation_access service_req deny microsoft3
adaptation_access service_resp deny microsoft3

acl microsoft4 dstdomain .microsoft.com
adaptation_access service_req deny microsoft4
adaptation_access service_resp deny microsoft4

acl microsoft5 dstdomain .sun.com
adaptation_access service_req deny microsoft5
adaptation_access service_resp deny microsoft5

adaptation_access service_req allow all
adaptation_access service_resp allow all

http_access deny localnet
http_access allow localhost

http_access allow dansguardian
http_access deny all
http_port 3128

hierarchy_stoplist cgi-bin ?

cache_mem 256 MB
cache_swap_low 85
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 20 KB

ipcache_size 2048
ipcache_low 90
ipcache_high 95
ipcache_size 1024
fqdncache_size 4096

cache_dir ufs /usr/home/squid/cache 6000 14 256

coredump_dir /usr/home/squid/cache

access_log /usr/home/squid/logs/access.log squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

any idea?

Thanks & Regards,
A
Received on Mon Oct 25 2010 - 01:09:23 MDT