Squid Proxy very slow
-
Dear all,
I have install pfsense 1.2.2 with Proxy server, Proxy Content filter and Snort. I access the web. But the proxy slow down with webpages with much images. I disabled content filter and delete redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3 from proxy server and I get it work.
Here a part of the squid log file:
1239894649.025 737 192.168.1.159 TCP_MISS/302 471 GET http://www.rtl.lu/ - DIRECT/81.92.238.25 text/html
1239894649.077 51 192.168.1.159 TCP_MISS/302 394 GET http://www.rtl.lu/home - DIRECT/81.92.238.25 text/html
1239894649.479 402 192.168.1.159 TCP_MISS/200 57460 GET http://www.rtl.lu/home/ - DIRECT/81.92.238.25 text/html
1239894649.574 94 192.168.1.159 TCP_MISS/304 288 GET http://images.newmedia.lu/rtl2008.lu/styles/global.css? - DIRECT/81.92.238.23 text/css
1239894649.614 39 192.168.1.159 TCP_IMS_HIT/304 261 GET http://images.newmedia.lu/rtl2008.lu/styles/reset.css - NONE/- text/css
1239894649.616 19 192.168.1.159 TCP_IMS_HIT/304 260 GET http://images.newmedia.lu/rtl2008.lu/styles/layouts.css - NONE/- text/css
1239894649.621 32 192.168.1.159 TCP_MISS/304 290 GET http://images.newmedia.lu/rtl2008.lu/styles/content.css - DIRECT/81.92.238.23 text/css
1239894649.656 59 192.168.1.159 TCP_MISS/304 289 GET http://images.newmedia.lu/rtl2008.lu/styles/legacy.css - DIRECT/81.92.238.23 text/css
1239894649.696 39 192.168.1.159 TCP_MISS/304 288 GET http://images.newmedia.lu/rtl2008.lu/styles/print.css? - DIRECT/81.92.238.23 text/css
1239894649.723 26 192.168.1.159 TCP_IMS_HIT/304 261 GET http://images.newmedia.lu/rtl2008.lu/styles/reset.css - NONE/- text/css
1239894649.748 49 192.168.1.159 TCP_MISS/304 290 GET http://images.newmedia.lu/rtl2008.lu/styles/content.css - DIRECT/81.92.238.23 text/css
1239894649.750 44 192.168.1.159 TCP_MISS/304 289 GET http://images.newmedia.lu/rtl2008.lu/styles/legacy.css - DIRECT/81.92.238.23 text/css
1239894649.807 56 192.168.1.159 TCP_MISS/304 296 GET http://images.newmedia.lu/rtl2008.lu/js/prototype.js - DIRECT/81.92.238.23 text/javascript
1239894649.846 38 192.168.1.159 TCP_IMS_HIT/304 268 GET http://images.newmedia.lu/rtl2008.lu/js/scriptaculous/src/scriptaculous.js - NONE/- text/javascript
1239894649.901 54 192.168.1.159 TCP_MISS/304 296 GET http://images.newmedia.lu/rtl2008.lu/js/scriptaculous/src/builder.js - DIRECT/81.92.238.23 text/javascript
1239894649.916 52 192.168.1.159 TCP_MISS/304 296 GET http://images.newmedia.lu/rtl2008.lu/js/scriptaculous/src/effects.js - DIRECT/81.92.238.23 text/javascript
1239894649.926 9 192.168.1.159 TCP_IMS_HIT/304 267 GET http://images.newmedia.lu/rtl2008.lu/js/scriptaculous/src/sound.js - NONE/- text/javascript
1239894649.935 33 192.168.1.159 TCP_MISS/304 296 GET http://images.newmedia.lu/rtl2008.lu/js/scriptaculous/src/slider.js - DIRECT/81.92.238.23 text/javascript
1239894649.937 64 192.168.1.159 TCP_MISS/304 296 GET http://images.newmedia.lu/rtl2008.lu/js/scriptaculous/src/dragdrop.js - DIRECT/81.92.238.23 text/javascript
1239894649.939 66 192.168.1.159 TCP_MISS/304 295 GET http://images.newmedia.lu/rtl2008.lu/js/scriptaculous/src/controls.js - DIRECT/81.92.238.23 text/javascript
1239894649.999 59 192.168.1.159 TCP_MISS/304 297 GET http://images.newmedia.lu/rtl2008.lu/js/rtl.js? - DIRECT/81.92.238.23 text/javascript
1239894650.037 38 192.168.1.159 TCP_MISS/304 296 GET http://images.newmedia.lu/rtl2008.lu/js/swfobject.js - DIRECT/81.92.238.23 text/javascript
1239894650.050 12 192.168.1.159 TCP_IMS_HIT/304 289 GET http://www.rtl.lu/metriweb/mwTag.js - NONE/- application/javascript
1239894650.082 31 192.168.1.159 TCP_IMS_HIT/304 261 GET http://images.newmedia.lu/rtl2008.lu/global/bg.png - NONE/- image/png
1239894650.155 103 192.168.1.159 TCP_MISS/200 344 GET http://rtlu.metriweb.be/dyn/rtlu/mw.cgi? - DIRECT/212.35.126.184 image/gifLog from block.log
2009-04-16 17:33:48 [14425] Request(Chef_de_service/blk_blacklists_ads/-) http://be.sitestat.com/rtllu/rtllu/s?home.index&ns__t=1239892326900&category=home 192.168.1.159/- - GET REDIRECT
2009-04-16 17:33:48 [14423] Request(Chef_de_service/blk_blacklists_ads/-) http://adserver.adtech.de/addyn|3.0|694|1431994|0|225|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=694823665;misc=1239892326900;rdclick= 192.168.1.159/- - GET REDIRECTThanks for help.
Kind regards
Ernie
-
How many users you have ?
-
-
Sorry for late response,
For dvserg:
We have 35-40 users.
For mhab12:
We already do this
autoboot_delay="1"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
kern.ipc.nmbclusters="32768"
kern.maxfiles="65536"
kern.maxfilesperproc="32768"
net.inet.ip.portrange.last="65535"But nothing change.
I notice that page becomes slow or blocks if some links in the page a blocked from content filter and I obtains with this error
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: https://192.168.2.18:80/sgerror.php?
The following error was encountered:Connection to 192.168.2.18 Failed
The system returned:(60) Operation timed out
The remote host or network may be down. Please try the request again.
-
Ok. I found my error.
I found in this forum that internal https redirection doesn't work for squidguard.
Thanks to all.
Kind regards
Ernie