Comments (4)
cezaryjk
commented on September 26, 2024
from squid-windows.
cezaryjk
commented on September 26, 2024
Hi again,
And actually, it's working: pages are being served. Maybe a bit slower. And, of course, server becomes not so responsive after "saturation".
Squid service restart (from Squid console: "Stop Squid Service" and "Start...") restores stable conditions for several hours.
Our configuration is a bit complex, but I inherited it from my predecessor. And we have some policies in here as well.
I've been trying to tune it: disabled file cache, increased and changed helpers startup parameter and other. Still no luck...
Now, it looks like that:
VM server:
Hyper-V on Windows Server 2019
Memory: 16GB (dynamic from 8GB to 16GB)
Processor: 4 virtual processors
HDD: Separate for OS and for Squid files (dynamically expanding)
squid.config:
`http_port 3128
dns_nameservers 10.147.x.y 10.147.x.z
#cache_dir aufs /cygdrive/d/squidcachedir/cache 3000 16 256
cache_mem 1 GB
memory_cache_mode always
coredump_dir /var/cache/squid
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
auth_param basic program D:/Squid/lib/squid/basic_ldap_auth.exe -b "DC=xxx,DC=yyy,DC=zz" -R -D "CN=ssss,OU=pppp,OU=qqqq,OU=rrrr,DC=uuu,DC=www,DC=xxx" -f (sAMAccountName=%s) -w "password" -h 10.147.d.e -p 389
auth_param basic children 10 startup=5 idle=5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl INSIDE_IP dst 10.147.x.0/23
acl INSIDE_IP dst 10.147.y.0/23
always_direct allow INSIDE_IP
acl SSL_ports port 443 563 7770 8000
acl Safe_ports port 80 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 554 # IVMS, RSTP
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl blacklist url_regex "D:/Squid/etc/squid/black_new.list"
acl blacklist_proxyuser url_regex "D:/Squid/etc/squid/blackproxy_new.list"
acl whitelist url_regex "D:/Squid/etc/squid/white_new.list"
acl goldlist url_regex "D:/Squid/etc/squid/gold_new.list"
acl windowsupdate dstdomain "D:/Squid/etc/squid/windowsupdate.list"
acl BannedExe url_regex -i .(exe|m3u|mp2|mp3|ra|ram|rm|viv|vivo|vob|vqf|wav|wma|vbs|shs|pif|tar|ace|com)($|?)
acl BannedFiles url_regex -i .(afx|asf|au|avi|divx|exe|m3u|mov|mp2|mp3|mpeg|mpg|qt|ra|ram|rm|viv|vivo|vob|vqf|wav|wma|wmv|vbs|shs|pif|tar|ace|com)($|?)
external_acl_type ldap_group children-startup=10 children-max=15 children-idle=10 %LOGIN D:/Squid/lib/squid/ext_ldap_group_acl.exe -D "CN=ssss,OU=pppp,OU=qqqq,OU=rrrr,DC=uuu,DC=www,DC=xx" -w "password" -b "CN=Users,DC=uuu,DC=www,DC=xx" -f "(&(cn=%g)(member=%u)(objectClass=group))" -F "(sAMAccountName=%s)" -B "DC=uuu,DC=www,DC=xx" -h 10.147.161.209 -p 3268
acl everyone proxy_auth REQUIRED
acl Comp_ProxyUsers external ldap_group SW_Proxy
acl Comp_ProxyUsersYouTube external ldap_group SW_Proxy_YT
acl Comp_ProxyPowerUsers external ldap_group SW_Proxy_PowerUser
http_access allow localhost manager
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
acl wuCONNECT dstdomain outlookdiagnostics.azureedge.net
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
http_access allow goldlist
http_access allow Comp_ProxyPowerUsers !blacklist
http_access allow Comp_ProxyUsersYouTube !blacklist !BannedExe
http_access allow Comp_ProxyUsers !blacklist !BannedFiles !blacklist_proxyuser
http_access allow everyone whitelist
http_access deny blacklist
http_access deny all`
Can you see anything bad in it?
BR
Cezary
from squid-windows.
ra-at-diladele-com
commented on September 26, 2024
Hello Cezary,
I am very sorry we only package the application into MSI - so can only support issues related to the installation.
I would advise to consult the Squid developers. As a quick test you can deploy our other app (which we do support fully) from https://webproxy.diladele.com/download.html - but it is not squid :(
from squid-windows.
cezaryjk
commented on September 26, 2024
Hi Rafael,
Sorry to hear that...
All links related to Windows version seems to lead to you...
So, I will try on squid-cache org site.
Maybe somebody had similar issue and will share the solution?
So don't close my case yet, please :)
BR
Cezary
from squid-windows.
Related Issues (20)
- Not work in win10 21H2
- Squid 4.14 for Windows runs into stackdumpfile HOT 13
- squid ignores default DNS servers HOT 4
- Squid 3.5.27 for windows - Squid close proxy port with errors
- Enable X-Forward-For HOT 1
- Thank you for the great product!
- How to Install Squid 3.5.28 | Squid 4.14 for Windows not working on Windows Server
- SSL Bumping may cause an Unreachable Network and/or certificate issues HOT 1
- Under Windows fail to setup cache dir HOT 2
- Download Squid for Windows 3.5.28? HOT 1
- THIS PROJECT IS DEAD AND IT DOESN'T WORK ON WINDOWS HOT 8
- ssl_crtd.exe is missing from Windows installer? HOT 2
- Linux Lite Version (squid-openssl) Does Not Require Certificate For Client - Request, Can We have that on your builds for windows? HOT 1
- You have too many 'http_port' , The limit is 128 HTTP ports HOT 3
- Squid for Windows 4.14 not working on Windows Server 2019 HOT 10
- [Question] Possible to use network interface name instead of IP address?
- Install without Administrator rights
- Squid 4.14 installed on Windows 10 from MSI is missing cygcrypt-2.dll HOT 17
- Is it possible run squid-windows service on 'Network Service' Logon ?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from squid-windows.