On 23/08/11 00:03, Justin Lawler wrote:
> Hi,
>
> We have had to put in a number of URLs to the squid bypass
>
> icap_service service_1 reqmod_precache 0 icap://127.0.0.1:1344/reqmod
> icap_class class_1 service_1
>
> acl bypassIcapRequestURLregex urlpath_regex "./squid-3/etc/byPass_ICAP_request_URLregex.properties"
> icap_access class_1 deny bypassIcapRequestURLregex
>
>
> When we added 4 regular expressions to this file, we started to see the CPU usage going up quite a bit, and we started to see the number of established connections from squid to ICAP server double or triple.
>
> Is this a known issue? Is there a better/more efficient way to bypass ICAP than above?
Other than using other ACL types, no.
>
> Regular expressions were very simple, just matching end of URLs.
a) regex is a bit slow. Did you remember to anchor the ends? and
manually aggregate the patterns? avoid extended-regex pattern tricks?
b) URLs can be many KB in length. That can make URL regex very CPU
intensive.
d) routing selection ACLs are run multiple times per request.
You can turn on access control debugging (level 28,3) to see how many
times those are run and how long they take each test.
>
> We're running squid 3.0.15 on Solaris 10.
>
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10Received on Mon Aug 22 2011 - 14:29:13 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 23 2011 - 12:00:02 MDT