Squid autenticado deixando a internet lenta do nada

Iniciado por lfernandosg, 13 de Fevereiro de 2014, 12:36

tópico anterior - próximo tópico

lfernandosg

Esta com o squid funcionando normal em uma máquina com o ubuntu 12.04 e outro em um CentOS virtualizado. Do nada na maquina com ubuntu a internet só estava funcionando o site do IG. Então fui testar a internet em uma máquina que não passa pelo proxy e a mesma está normal.

Peguei as conf e joguei em o proxy e deixei as mesmas configurações em outro centos que tenho virtualizado e o problema continua. Quando marco o squid para o usuário autenticar, ele demora muito para abrir um site. Quando tiro a máquina do proxy, ela navega super rápido. O engraçado, é que não mudei nada e já vinha rodando a mais de 6 meses assim. Abaixo coloco o squid.conf e se algúém puder me ajudar pois como já troquei até de SO, não sei mais o que fazer.


#NOME DO SERVIDOR#####################################################
visible_hostname ubuntuserver

######################################################################
#IP+PORTA USADA ####################################################
http_port 10.0.1.254:3128
######################################################################
icp_port 0
######################################################################
#CACHE USADO-METADE DA RAM)###########################################
cache_mem 256 MB
######################################################################
#Cache Swap###########################################################
cache_swap_low 80
cache_swap_high 90
######################################################################
#OBJECT_SIZE##########################################################
maximum_object_size 200 MB
minimum_object_size 0 KB
#tamanho máximo dos objetos alocados na memória.
maximum_object_size_in_memory 30 KB
######################################################################
#DIRETORIOS DO CACHE MULTIPLOS########################################
cache_dir aufs /var/cachesquid1 5000 16 256

#Erro squid
error_directory /usr/share/squid/errors/pt-br/


# Resolve um problema com conexões persistentes que ocorre com certos servidores,
# e que provoca delays em nosso cache.
detect_broken_pconn on

# Provoca um ganho de performance ao usar conexões Pipeline (requisições em
# paralelo)
#pipeline_prefetch on







#DNS squid cache
#dns_nameservers 10.0.1.254
#dns_nameservers 127.0.0.1

#####################################################################
#LOGS################################################################
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
#####################################################################
#REGRA AUTENTICACAO
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Digite seu usuario e senha
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
####################################################################
request_body_max_size 0 MB
####################################################################

#ACL's########################################################
#SITES QUE NÃO PRECISAM DE AUTENTICACAO COM SENHA
acl NO_AUTH url_regex -i '/etc/squid/no_auth_url'
http_access allow NO_AUTH
#################################################
#SITES BLOQUEADOS PARA QUALQUER USUARIO
acl BLOCK url_regex -i '/etc/squid/bloqueados'
http_access deny BLOCK




#################################################
#MSN SÓ PARA USUARIOS DESSA ACL##################
acl bloqueiamsn url_regex -i "/etc/squid/bloqueiamsn"
acl g_liberado proxy_auth inspetor inspetornfa wellington barbara alisson neide ademario marinalva fernando rmartins vicente handerson
http_access deny bloqueiamsn !g_liberado
#################################################
##### BLOQUEIO DE DOWNLOAD DAS EXTENSOES ABAIXO##
acl extensoes url_regex -i \.bat \.scr \.mp3 \.bat \.vbs \.wmv \.wma \.mp4
http_access deny extensoes


#acl downloads urlpath_regex "/etc/squid/downloads.txt"
#http_access deny downloads
#testando a opcao abaixo
#acl downloads req_mime_type application/octet-stream application/zip audio/mpeg audio/wav video/mpeg video/avi video/quicktime video/x-msvideo video/x-ms-wmv/
#http_access deny downloads
#################################################
#REGRAS GERAIS###################################
acl localnet src 10.0.1.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 4243 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280    # http-mgmt
acl Safe_ports port 488    # gss-http
acl Safe_ports port 591    # filemaker
acl Safe_ports port 777    # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost






#Estas 'refresh_pattern' fazem com que o squid mantenha o maximo
#possivel um objeto em cache, aumentando o cache HIT e byte HIT

refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.exe$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.php$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320






#SITES QUE NÃO ENTRAM NO CACHE###################
acl NO_CACHE url_regex -i '/etc/squid/no_cache_url'
no_cache deny NO_CACHE
#################################################
#AUTENTICAÇÕES POR USUARIO#######################


#Monica
acl u_monica proxy_auth monica
#Dayane
acl u_dayd proxy_auth dayd
#Junior
acl u_junior proxy_auth junior
#Sandra
acl u_sandra proxy_auth sandra
#Wellington
acl u_wellington proxy_auth wellington

acl u_dayd proxy_auth dayd

#Angelina
acl u_angelina proxy_auth angelina

e etc.. para todos usuarios


#USER:ROGERIO
acl u_rmartins_url_allow url_regex -i "/etc/squid/u_rogerio_allow"
http_access allow u_rmartins u_neide_url_allow
acl u_rmartins_url_deny url_regex -i "/etc/squid/u_rogerio_deny"
http_access deny u_rmartins u_rmartins_url_deny
#####################################################################
#USER:NEOMAR
acl u_neomar_url_allow url_regex -i "/etc/squid/u_neomar_allow"
http_access allow u_neomar u_neomar_url_allow
acl u_neomar_url_deny url_regex -i "/etc/squid/u_neomar_deny"
http_access deny u_neomar u_neomar_url_deny
#####################################################################
#USER:Vicente
acl u_vicente_url_allow url_regex -i "/etc/squid/u_vicente_allow"
http_access allow u_vicente u_vicente_url_allow
acl u_vicente_url_deny url_regex -i "/etc/squid/u_vicente_deny"
http_access deny u_vicente u_vicente_url_deny
##################################################################



e etc... para todos usuarios
#####################################################################

##################################################################




####################################################################
#LIBERAR AUTENTICACAO################################################
acl autenticados proxy_auth REQUIRED
http_access allow autenticados
#####################################################################
miss_access allow all
cache_mgr root
memory_pools on
#####################################################################
#BLOQUEIA TUDO#######################################################
http_access deny all
####################################################################
Dell Xps M1330/c2d 2.0Ghz/4GB ddr2/320GB sata/etc...

zekkerj

Citar#Monica
acl u_monica proxy_auth monica
#Dayane
acl u_dayd proxy_auth dayd
#Junior
acl u_junior proxy_auth junior
#Sandra
acl u_sandra proxy_auth sandra
#Wellington
acl u_wellington proxy_auth wellington

acl u_dayd proxy_auth dayd

#Angelina
acl u_angelina proxy_auth angelina

e etc.. para todos usuarios

Cara, fala sério que vc controla a autenticação usuário por usuário. Eles têm mesmo liberações individuais? Óbvio que vai ficar lento assim, cara... simplifica isso! procura separar a galera por grupos.

Tipo assim:

acl grupo1 proxy_auth -i monica days junior sandra
acl grupo2 proxy_auth -i "/etc/squid/nivel2.txt"
acl diretoria proxy_auth -i "/etc/squid/diretoria.txt"

acl deny_todos url_regex -i "/etc/squid/url_deny.txt"
acl deny_grupo1 url_regex -i "/etc/squid/url_deny_grupo1.txt"
acl deny_grupo2 url_regex -i "/etc/squid/url_deny_grupo2.txt"

http_access deny deny_todos !diretoria
http_access deny grupo1 url_deny_grupo1
http_access deny grupo2 url_deny_grupo2
http_access deny !diretoria
Pesquise antes de perguntar, sua dúvida pode já ter sido respondida.
Não respondo dúvidas por MP, coloque sua dúvida no fórum onde ela pode ser pesquisada pelos seus colegas!
Não venha ao fórum apenas para perguntar. Se você sabe a resposta de um problema, porque não ajudar seu colega? ;D

g4p

Verifica o espaço no seu HD. Talvez seja o armazenamento de cache no servidor.

Retorna pra gente: df -h