SQUID in non transparent mode has catastrophic performance drop



  • Using 2.1.5-RELEASE with squid3-dev / 3.3.10 pkg 2.2.8

    I've been using SQUID in transparent mode for a while (several weeks) and it works perfect.

    I want to implement authentication so I need to run it in non transparent mode.

    Before messing around with authentication I just wanted to see if it would run smoothly in non transparent mode.

    Here's what I did :

    1. Services > Proxy Server
      I uncheck the Transparent HTTP proxy checkbox.

    2. Firewall > Rules > LAN
      I block HTTP port (80) for TCP

    3. To make auto-configuration I followed this:
      https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

    After creating the files I added additional DHCP options like so:
    http://cl.ly/image/430u022O3N3T

    I also added a DNS host override like so:
    http://cl.ly/image/3k382b461r3N

    Tested, everything worked fine!

    WPAD would work exact for Firefox.

    And I would see that everything goes through the proxy from pfSense, in the Real Time tab of the Proxy server page.

    But as a few more users started using it, it became REALLY slow.

    And i mean EXTREMELY slow.

    So I had to disable everything!

    I don't understand why because it's the same proxy, just now it's not in transparent mode, so what would this affect performance !

    Just unblocking port 80 and re-enabling transparent mode made everything as fast as usual.

    I'm stuck at this point so any help would be greatly appreciated!



  • No one ?

    :'(



  • Go to SSH shell and run

    squidclient -p 3128 mgr:info

    Look at the Median Service Times.  Look for something that stands out, like a DNS lookup times in the 1-10+ second range.