SQUID in non transparent mode has catastrophic performance drop

  • Using 2.1.5-RELEASE with squid3-dev / 3.3.10 pkg 2.2.8

    I've been using SQUID in transparent mode for a while (several weeks) and it works perfect.

    I want to implement authentication so I need to run it in non transparent mode.

    Before messing around with authentication I just wanted to see if it would run smoothly in non transparent mode.

    Here's what I did :

    1. Services > Proxy Server
      I uncheck the Transparent HTTP proxy checkbox.

    2. Firewall > Rules > LAN
      I block HTTP port (80) for TCP

    3. To make auto-configuration I followed this:

    After creating the files I added additional DHCP options like so:

    I also added a DNS host override like so:

    Tested, everything worked fine!

    WPAD would work exact for Firefox.

    And I would see that everything goes through the proxy from pfSense, in the Real Time tab of the Proxy server page.

    But as a few more users started using it, it became REALLY slow.

    And i mean EXTREMELY slow.

    So I had to disable everything!

    I don't understand why because it's the same proxy, just now it's not in transparent mode, so what would this affect performance !

    Just unblocking port 80 and re-enabling transparent mode made everything as fast as usual.

    I'm stuck at this point so any help would be greatly appreciated!

  • No one ?


  • Go to SSH shell and run

    squidclient -p 3128 mgr:info

    Look at the Median Service Times.  Look for something that stands out, like a DNS lookup times in the 1-10+ second range.

Log in to reply