hello ,
thanks Amos , ive modified the config file as u suggested .
after removing the raid 0 , ive noted a better performance .
=============================================================
in general , browsing speed is lower than the speed in the absence of squid
, but any way it is acceptable and i wish to enhance it as i can !
======================================================
As i mentioned in the beginning , i have an excellent hardware with about 32
G ram.
but i have major problem in squid-guard !!
after sometime it begins to bypass!!!!!!
i searched to use dansguardian instead of squid-guard but it seems that
dansguardian is not compatible with tproxy !!===> seems as shook to me !
==================================================
i have pumped only 1000 users with about 150-180 M only !!!!
here is the log of squidguard !
==============
2013-02-24 06:25:32 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://surprises.tango.me/ts//assets/ayol_fairy_gingerbread_surprise_2-UI_VG_SELECTOR_PACK-android.zip
2013-02-24 06:25:38 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://ds.serving-sys.com/BurstingRes//Site-38682/Type-11/8986049_182e1c3c-0f89-4ee4-b991-0c98ef5d36d9.js
2013-02-24 06:25:45 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-ANIMATION_PACK-.zip
2013-02-24 06:25:46 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://surprises.tango.me/ts//assets/ayol_im_ttyl_surprise_2-UI_VG_SELECTOR_PACK-android.zip
2013-02-24 06:25:50 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://77.243.189.57/cdn.putlocker.com/r1KH3Z/aMY6kLQ9Y4nVxYoGofr/F778Rl7N1PtcjpnR72foOrRFQFTTOWnIjvwbKzKKLDpTC3nv4Kh/K+3FFomVqpbeDogNm0/cKEgcunONMTnmaPr7n//KF5/814INq/4yNylLOToeoy6OJKctncNXM2dS5HRPZcpOAmCNMA+O3NUW6S6DkghtNARxhxt4bEYRC7/f/g701W8M3Jmk59GYBDKY/HtvLMMpN59j17pg=/wrath.of.the.titans.2012_bae33_f43c0.flv
2013-02-24 06:26:01 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//03-02-2013/117x78/0Double-Team-1997-Dutch-Front-Cover-72004.jpg
2013-02-24 06:26:02 [17282] Warning: Possible bypass attempt. Found a
trailing dot in the domain name:
http://dnl-19.geo.kaspersky.com/index/../bases/wmuf/wmuf-0607g.xml.dif
2013-02-24 06:26:07 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//20-01-2013/117x78/013590551321.jpg
2013-02-24 06:26:11 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//24-02-2013/90x70/0157950561.jpg
2013-02-24 06:26:15 [17283] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//24-02-2013/152x125/VMP0original%20(4).jpg
2013-02-24 06:26:20 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.01.01.07
2013-02-24 06:26:21 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.01.55.06
2013-02-24 06:26:24 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://213.171.205.238/rules///archive201302/sc1.bin.incr.2013.02.24.02.42.47
2013-02-24 06:26:25 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://rpc-php.trafficfactory.biz/tower-1xfooter-1/bf6b32919541f9227b4fceedb513d3e9/1//xvideos/display.js?v=0.010611487734062397
2013-02-24 06:26:31 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://213.171.205.238/rules///sc17.bin.incr.2013.02.23.21.01.08
2013-02-24 06:26:33 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://87.106.240.241/rules///sc17.bin.incr.2013.02.23.22.01.07
2013-02-24 06:26:34 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.04.01.06
2013-02-24 06:26:41 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.06.01.06
2013-02-24 06:26:49 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.10.01.08
2013-02-24 06:26:57 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.12.01.27
2013-02-24 06:26:58 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.15.01.07
2013-02-24 06:26:59 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.bokra.net/images//play_btn.png
2013-02-24 06:27:02 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//27-01-2013/139x96/03ala_mar_alzman.jpg
2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found a
trailing dot in the domain name:
http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-24 06:27:06 [17282] Warning: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://109.123.106.253/rules///sc17.bin.incr.2013.02.11.17.01.08
2013-02-24 06:27:07 [17282] Warning: Possible bypass attempt. Found a
trailing dot in the domain name:
http://www.google.ps/xjs/_/js/i/qi/rt=j/ver=TRRqyfYv7Gg.en_US./d=0/sv=1/rs=AItRSTORVFAb4tDIudEqfOL475VKj3yMmw
^Z
[1]+ Stopped tailf /usr/local/squidGuard/log/squidGuard.log
[root_at_squid ~]#
==============================
here is a sample of cache.log file:
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:41| clientProcessRequest: Invalid Request
2013/02/24 06:25:00| clientProcessRequest: Invalid Request
2013/02/24 06:25:04| clientProcessRequest: Invalid Request
2013/02/24 06:25:07| clientProcessRequest: Invalid Request
2013/02/24 06:25:09| helperHandleRead: unexpected reply on channel 0 from
redirector #1 ''
2013/02/24 06:25:09| clientProcessRequest: Invalid Request
2013/02/24 06:25:11| clientProcessRequest: Invalid Request
2013/02/24 06:25:11| clientProcessRequest: Invalid Request
2013/02/24 06:25:21| clientProcessRequest: Invalid Request
2013/02/24 06:25:23| clientProcessRequest: Invalid Request
2013/02/24 06:25:28| clientProcessRequest: Invalid Request
2013/02/24 06:25:35| clientProcessRequest: Invalid Request
2013/02/24 06:25:36| clientProcessRequest: Invalid Request
2013/02/24 06:25:56| clientProcessRequest: Invalid Request
2013/02/24 06:26:07| clientProcessRequest: Invalid Request
2013/02/24 06:26:11| clientProcessRequest: Invalid Request
2013/02/24 06:26:17| clientProcessRequest: Invalid Request
2013/02/24 06:26:19| clientProcessRequest: Invalid Request
2013/02/24 06:26:23| helperHandleRead: unexpected reply on channel 0 from
redirector #1 ''
2013/02/24 06:26:29| clientProcessRequest: Invalid Request
2013/02/24 06:26:32| clientProcessRequest: Invalid Request
2013/02/24 06:26:34| clientProcessRequest: Invalid Request
2013/02/24 06:26:36| clientProcessRequest: Invalid Request
2013/02/24 06:26:38| clientProcessRequest: Invalid Request
2013/02/24 06:26:40| clientProcessRequest: Invalid Request
2013/02/24 06:26:52| clientProcessRequest: Invalid Request
2013/02/24 06:26:53| clientProcessRequest: Invalid Request
2013/02/24 06:27:04| clientProcessRequest: Invalid Request
2013/02/24 06:27:10| clientProcessRequest: Invalid Request
2013/02/24 06:27:10| clientProcessRequest: Invalid Request
2013/02/24 06:27:23| clientProcessRequest: Invalid Request
2013/02/24 06:27:28| clientProcessRequest: Invalid Request
2013/02/24 06:27:40| clientProcessRequest: Invalid Request
2013/02/24 06:27:40| clientProcessRequest: Invalid Request
2013/02/24 06:27:42| clientProcessRequest: Invalid Request
2013/02/24 06:27:46| squidaio_queue_request: WARNING - Queue congestion
2013/02/24 06:27:51| clientProcessRequest: Invalid Request
2013/02/24 06:27:57| clientProcessRequest: Invalid Request
2013/02/24 06:27:59| statusIfComplete: Request not yet fully sent "POST
http://cr.torchbrowser.com/"
2013/02/24 06:28:08| clientProcessRequest: Invalid Request
2013/02/24 06:28:12| clientProcessRequest: Invalid Request
2013/02/24 06:28:15| clientProcessRequest: Invalid Request
2013/02/24 06:28:18| clientProcessRequest: Invalid Request
2013/02/24 06:28:24| clientProcessRequest: Invalid Request
2013/02/24 06:28:25| clientProcessRequest: Invalid Request
2013/02/24 06:28:27| clientProcessRequest: Invalid Request
==============================================
here is the config file after all modifications :
[root_at_squid dansguardian-2.12.0.3]# cat /etc/squid/squid.conf
# squid Config By "xxx" "xxx
###################
acl all src all
acl manager proto cache_object
acl localnet src 192.168.1.0/24 z.z.0.0/16 z.z.0.0/16
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 590 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
################################
visible_hostname squid
coredump_dir /var/spool/squid
####squidguard###################
redirect_program /usr/local/bin/squidGuard -c
/usr/local/squidGuard/squidGuard.conf
redirector_bypass on
url_rewrite_children 200
cache_effective_user squid
cache_effective_group squid
##############################
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow localnet
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from everyone
icp_access allow all
#######################################
access_log /var/log/squid/access.log
cache_dir aufs /cache1 500000 32 256
cache_dir aufs /cache2 500000 32 256
cache_dir aufs /cache3 500000 32 256
cache_mem 20000 MB
##########################
http_port 127.0.0.1:3128
http_port x.x.x:65000
http_port 3128
http_port 3129 tproxy
########### Performance Related Config:
relaxed_header_parser on
vary_ignore_expire on
##########################################
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
###########################################
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
pipeline_prefetch on
############################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
###########################################
########### WCCP2 Config#############
wccp2_router x.x.x.x
wccp_version 2
wccp2_forwarding_method 2
wccp2_return_method 2
#wccp2_assignment_method mask
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
##########################################
###########################################
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#################################################
forwarded_for on
max_filedescriptors 65536
max_open_disk_fds 65536
relaxed_header_parser on
reload_into_ims on
client_lifetime 15 minutes
read_timeout 5 minutes
request_timeout 1 minutes
ie_refresh on
ignore_expect_100 on
vary_ignore_expire on
###############################
################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
shutdown_lifetime 20 seconds
#############################
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
minimum_object_size 0
maximum_object_size 130 MB
###############################
wish the outputs above , help to solve the problem of squid-guard bypassing
with my best regards..
-- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/slow-browsing-in-centos-6-3-with-squid-3-tp4658635p4658675.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Sun Feb 24 2013 - 11:30:51 MST
This archive was generated by hypermail 2.2.0 : Mon Feb 25 2013 - 12:00:04 MST
