Squid muito lento

sesshoumaru
(usa Debian)

Enviado em 29/08/2016 - 13:54h

Galera boa tarde!

Estou tendo muito problema com lentidão na internet. Uso uma GVT 25M na empresa e quando os usuários vão acessar a internet está muito lenta, quando acesso o roteador diretamente a internet fui legal.

Se alguém puder ajudar. Agradeço.

não sei se pode ser alguma configuração segue o meu squid. conf


http_port IP:3128
visible_hostname EDU118


cache_dir ufs /var/spool/squid 16000 16 256
cache_mem 1024 MB
maximum_object_size_in_memory 4096 KB
maximum_object_size 102400 KB
minimum_object_size 64 KB
#cache_dir ufs /var/spool/squid 100 64 64
#cache_dir ufs /var/spool/squid 5120 16 256
cache_access_log /var/log/squid/access.log
coredump_dir /var/spool/squid

cache_store_log none
logfile_rotate 3

####Otimizacao SQUID

half_closed_clients off
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
#cache_dir diskd /var/spool/squid 10000 64 256 Q1=64 Q2=72
dns_nameservers 8.8.8.8
#############################################


error_directory /usr/share/squid/errors/Portuguese

#Poircentagem de uso do cache de disco minimo e maximo
cache_swap_low 90
cache_swap_high 93


#log de uso do cache em disco
#ache_access_log /var/log/squid/cache.log

#criacao da acl all
#acl all src 0.0.0.0/0.0.0.0
#acl localhost src 127.0.0.1/255.255.255.255
#acl docentes src 10.189.64.128/255.255.255.192
#acl biblioteca src 10.189.64.192/255.255.255.224
#acl wireless src 10.189.67.128/255.255.255.192
#acl lab01 src 10.189.65.0/255.255.255.224
#acl lab02 src 10.189.65.32/255.255.255.224
#acl lab03 src 10.189.65.64/255.255.255.224
#acl lab04 src 10.189.65.96/255.255.255.224
#acl lab05 src 10.189.65.128/255.255.255.224
#acl lab06 src 10.189.65.160/255.255.255.224
#acl lab07 src 10.189.65.192/255.255.255.224
#acl lab08 src 10.189.65.224/255.255.255.224
#acl lab09 src 10.189.66.0/255.255.255.224
#acl lab10 src 10.189.65.32/255.255.255.224
#acl lab11 src 10.189.65.64/255.255.255.224
#acl lab12 src 10.189.65.96/255.255.255.224
#acl lab13 src 10.189.65.128/255.255.255.224
#acl lab14 src 10.189.65.160/255.255.255.224
#acl labDiversos src 10.189.65.192/255.255.255.224
#acl docentes2 src 10.189.67.64/255.255.255.192
#acl sitecache dstdomain /etc/squid/files/site_cache

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl Estacoes src 10.106.2.0/255.255.255.0
acl Wifi-ADM src 10.106.3.0/255.255.255.0
acl SRV-Educ src 10.106.4.0/255.255.255.128
acl Biblioteca src 10.106.4.128/255.255.255.128
acl Sala_aula_Preparacao src 10.106.5.0/255.255.255.0
acl LAB_CLP src 10.106.6.0/255.255.255.128
acl LAB_Microcontroladores src 10.106.6.128/255.255.255.128
acl LAB_Automacao src 10.106.7.0/255.255.255.128
acl LAB_Informatica src 10.106.7.128/255.255.255.128
acl LAB_CAD src 10.106.8.0/255.255.255.128
acl LAB_CNC src 10.106.8.128/255.255.255.128
acl LAB_Projetos src 10.106.9.0/255.255.255.128
acl LAB_Ferramentaria src 10.106.9.128/255.255.255.128
acl LAB01 src 10.106.10.0/255.255.255.128
acl LAB02 src 10.106.10.128/255.255.255.128
acl LAB03 src 10.106.11.0/255.255.255.128
acl Wifi_EDUC src 10.106.12.0/255.255.255.0
acl SRV-Diversos src 10.106.14.0/255.255.255.0
acl sitecache dstdomain /etc/squid/files/site_cache


#acl sitecache dstdomain www.saepsenai.caedufjf.net
no_cache deny sitecache

#Acl Bloqueia Face menos na biblioteca docntes2 docentes wireless
acl face dstdomain "/etc/squid/files/facebook"
acl face_doc dstdomain "/etc/squid/files/facebook"

#Acl libera dominio
#acl sitefree dstdomain "/etc/squid/files/dominio"
#http_access allow sitefree

#criacao da acl manager
acl manager proto cache_object
http_access allow manager
http_access deny manager
# FTP
ftp_passive on
ftp_list_width 16

#regras de atualizacao
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern . 15 20% 2280

#Libera site sem autenticacao
acl libsite url_regex -i "/etc/squid/files/libsite"
http_access allow libsite

#Autenticacao via Ldap
auth_param basic program /usr/lib/squid/ldap_auth -v 3 -R -b ou=Usuarios,dc=EDU118 -D cn=admin,dc=EDU118 -w Senha -f uid=%s -h 127.0.0.1
#auth_param basic program /usr/lib/squid/ldap_auth -v 3 -b ou=Usuarios,dc=educacional,dc=118 -D cn=admin,dc=educacional,dc=118 -w Senha -f uid=%s -h 127.0.0.1
auth_param basic children 5
auth_param basic realm Digite sua senha do dominio EDU118
auth_param basic credentialsttl 5 minute

#----------ACL Libera Download------------
#acl libdownload proxy_auth "/etc/squid/files/libdownload"
#reply_body_max_size 10485760 deny all !libdownload

#
# -----------------------------------------------------------------------------

#***********************OPTIONS FOR TUNING THE CACHE***************************

# -----------------------------------------------------------------------------
#request_header_max_size 20 KB
#request_body_max_size 0 KB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#quick_abort_min 16 KB
#quick_abort_max 16 KB
#quick_abort_pct 95

negative_ttl 5 minute
positive_dns_ttl 6 hour
negative_dns_ttl 1 minute
range_offset_limit 0 KB
forward_timeout 4 minutes
connect_timeout 1 hour
peer_connect_timeout 30 seconds
read_timeout 15 minute
request_timeout 1 minute
persistent_request_timeout 1 minute
client_lifetime 3 hour
pconn_timeout 120 second
ident_timeout 10 seconds
shutdown_lifetime 30 second

acl autenticados proxy_auth REQUIRED

#tratativa para biblioteca
acl bib proxy_auth "/etc/squid/files/biblioteca"
#cl ip_bib src "/etc/squid/files/ip_bib"
#acl bibli src 10.104.4.0/255.255.255.0
http_access deny bib !Biblioteca

authenticate_ttl 2 minutes
authenticate_ip_ttl 3600 seconds

# CONEXOES DE USUARIOS POR IPs
acl ip_max max_user_ip -s 1

#criacao da acl Safe_ports
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # http,tomcat
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 20 # ftp
acl Safe_ports port 993 # Imap SSL
acl Safe_ports port 6891 # Imap MSN
acl Safe_ports port 5800 #vnc

#external_acl_type perido %LOGIN /root/ldap/bin/periodo.sh
#acl ACL-PERIODO external periodo

#acl Bloqueia sites
#acl bloq_sites url_regex -i "/etc/squid/files/bloq_sites"
#http_access deny bloq_sites

# Administrador e Suporte
acl admin_permitido proxy_auth "/etc/squid/files/admin"

# Grupos de Docentes
acl usuario_bloqueados proxy_auth "/etc/squid/files/usuarios_bloqueados_redes"

# Liberados direto pelo administrador
acl alunos_permitidos proxy_auth "/etc/squid/files/alunos_permitidos"
acl ALUNOS-TECNICO-MANHA proxy_auth "/etc/squid/files/tecnico-manha"
acl ALUNOS-TECNICO-TARDE proxy_auth "/etc/squid/files/tecnico-tarde"
acl ALUNOS-INTEGRAL proxy_auth "/etc/squid/files/integral"
acl ALUNOS-MANHA proxy_auth "/etc/squid/files/manha"
acl ALUNOS-TARDE proxy_auth "/etc/squid/files/tarde"
acl ALUNOS-NOITE proxy_auth "/etc/squid/files/noite"
acl ALUNOS-TOTAL proxy_auth "/etc/squid/files/alunos_total"

#Liberar maquina intervalos alunos
acl lib_mac arp "/etc/squid/files/lib_mac.txt"

#liberar por dominio
acl libdom dstdomain "/etc/squid/files/libdom.txt"

# Liberados pelos docentes
acl ALUNOS_PERMITIDOS proxy_auth "/etc/squid/files/internet/alunos_permitidos"
acl ORKUT proxy_auth "/etc/squid/files/internet/orkut_intervalo"


# Controle de Horarios
acl MANHA time MTWHF 07:45-11:40
acl TECNICO-MANHA time MTWHF 07:45-11:40
acl TECNICO-TARDE time MTWHF 13:20-17:10
acl INTEGRAL time MTWHF 07:45-17:10
acl TARDE time MTWHF 13:15-17:10
acl NOITE time MTWHF 17:00-22:45
acl HORA time MTWHFAS 07:45-22:45

# Intervalos liberados para acesso
acl INTERVALO-MANHA time MTWHF 09:15-09:55
acl INTERVALO-TARDE time MTWHF 14:45-15:25
acl INTERVALO-TECNICO-TARDE time MTWHF 15:25-15:55
acl INTERVALO-ALMOCO time MTWHF 11:35-13:15
acl INTERVALO-NOITE time MTWHF 20:00-20:45

#Criacao de acl bloqueio msn
acl lib-msn arp "/etc/squid/files/libmsn.txt"
acl srv-msn dst 207.46.110.0/24
acl port-msn port 1863
acl msn url_regex -i gateway.messenger.com
acl app-msn rep_mime_type -i ^application/x-msn-messenger$

acl CONNECT method CONNECT

#########################################
# #
# ACL Bloqueia Videos Online #
# #
#########################################
#acl musica urlpath_regex -i "/etc/squid/files/extencao_streaming.txt"
#acl streaming rep_mime_type -i "/etc/squid/files/site_streaming"

#http_access deny musica !SRV-Educ
#http_reply_access deny streaming
#acl streaming req_mime_type ^video/x-ms-asf
#acl streamingreply rep_mime_type ^video/x-ms-asf
#acl streaming req_mime_type -i "/etc/squid/files/blockmime"
#acl videomusic urlpath_regex -i \.aif$ \.aifc$ \.aiff$ \.asf$ \.asx$ \.avi$ \.au$ \.m3u$ \.med$ \.mp3$ \.m1v$ \.mp2$ \.mp2v$ \.mpa$ \.mov$ \.mpe$ \.mpg$ \.mpeg$ \.ogg$ \.pls$ \.ram$ \.ra$ \.ram$ \.snd$ \.wma$ \.wmv$ \.wvx$ \.mid$ \.midi$ \.rmi$ \.flv$
#acl videomusic urlpath_regex -i "/etc/squid/files/musicvideo"

#http_access deny streaming all
#http_reply_access deny streamingreply all
#http_access deny videomusic all
acl media rep_mime_type video/flv video/x-flv
acl media rep_mime_type -i ^video/
acl media rep_mime_type -i ^video\/
acl media rep_mime_type ^application/x-shockwave-flash
acl media rep_mime_type ^application/vnd.ms.wms-hdr.asfv1
acl media rep_mime_type ^application/x-fcs
acl media rep_mime_type ^application/x-mms-framed
acl media rep_mime_type ^video/x-ms-asf
acl media rep_mime_type ^audio/mpeg
acl media rep_mime_type ^audio/x-scpls
acl media rep_mime_type ^video/x-flv
acl media rep_mime_type ^video/mpeg4
acl media rep_mime_type application/ocsp-response
acl media rep_mime_type ms-hdr
acl media rep_mime_type x-fcs
acl mediapr urlpath_regex \.flv(\?.*)?$
acl mediapr urlpath_regex -i \.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$
acl mediapr urlpath_regex -i \.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$

http_access deny mediapr
http_reply_access deny media





############################################################
###############Configuracao correta#########################

icp_access allow all
miss_access allow all

http_access allow manager localhost
http_access deny manager
http_access deny msn !lib-msn
http_access deny app-msn
http_access deny port-msn
http_access deny srv-msn
http_access allow admin_permitido

http_access deny CONNECT !Safe_ports

http_access deny usuario_bloqueados !Biblioteca
http_access allow alunos_permitidos Biblioteca

http_access allow port-msn !lib-msn
http_access allow app-msn !lib-msn
http_access allow srv-msn !lib-msn

#ACL Liberacao de Facebook por usuario
acl face_user proxy_auth "/etc/squid/files/face_user"

http_access allow face_doc face_user
http_access deny face
#!Biblioteca

#!docentes !docentes2


# Nega todos por horario, porem libera nos intervalos, libera alunos fora do horario excecao
# Horario Intervalo Lista Usuarios Excecao

http_access deny MANHA !INTERVALO-MANHA ALUNOS-MANHA !ALUNOS_PERMITIDOS
http_access deny TECNICO-MANHA !INTERVALO-MANHA ALUNOS-TECNICO-MANHA !ALUNOS_PERMITIDOS
http_access deny TECNICO-TARDE !INTERVALO-TECNICO-TARDE ALUNOS-TECNICO-TARDE !ALUNOS_PERMITIDOS
http_access deny TARDE !INTERVALO-TARDE ALUNOS-TARDE !ALUNOS_PERMITIDOS
http_access deny HORA !NOITE ALUNOS-NOITE !ALUNOS_PERMITIDOS
http_access deny HORA !INTERVALO-NOITE ALUNOS-TOTAL !ALUNOS_PERMITIDOS


#Integral
# Horario Intervalos Lista Usuarios Excecao
http_access deny INTEGRAL !INTERVALO-MANHA !INTERVALO-ALMOCO !INTERVALO-TARDE ALUNOS-INTEGRAL !ALUNOS_PERMITIDOS


##################################
# #
# CONTROLE DE BANDA #
# #
##################################

acl sites_1k url_regex -i "/etc/squid/files/sites_1k.txt"
acl sites_50k url_regex -i "/etc/squid/files/sites_50k.txt"

##Limita tamnaho download facebook e youtube

#reply_body_max_size 10240 deny sites_1k sites_50k

delay_pools 2
#Nao limita banda para ninguem do grupo wireless e os outros
delay_class 1 2
delay_parameters 1 -1/-1 1000/1000 1000/1000
delay_access 1 allow sites_1k Biblioteca Estacoes Wifi-ADM Sala_aula_Preparacao LAB_CLP LAB_Microcontroladores LAB_Automacao LAB_Informatica LAB_CAD LAB_CNC LAB_Projetos LAB_Ferramentaria LAB01 LAB02 LAB03 Wifi_EDUC SRV-Diversos !SRV-Educ
delay_class 2 2
delay_parameters 2 -1/-1 50000/50000 50000/50000
delay_access 2 allow sites_50k Biblioteca Estacoes Wifi-ADM Sala_aula_Preparacao LAB_CLP LAB_Microcontroladores LAB_Automacao LAB_Informatica LAB_CAD LAB_CNC LAB_Projetos LAB_Ferramentaria LAB01 LAB02 LAB03 Wifi_EDUC SRV-Diversos !SRV-Educ

#http_access deny ALUNOS-INTEGRAL

#http_access deny ORKUT libdom !INTERVALO-MANHA !INTERVALO-ALMOCO !INTERVALO-TARDE !ALUNOS_PERMITIDOS

#http_access deny OverConnLimit

#ACL bloquenado pt/ac
acl bloq_pt proxy_auth "/etc/squid/files/pt"
http_access deny bloq_pt
http_access deny ip_max

#Essa opcao OFF mosra no log enderecos completos
strip_query_terms off
ie_refresh on

# Liberar maquinas por mac no intervalo
#http_access allow lib_mac

http_access allow autenticados
follow_x_forwarded_for allow autenticados
http_access deny localhost all

#http_reply_access allow all
#icp_access allow all

SuperSlackware
(usa Slackware)

Enviado em 03/09/2016 - 21:44h

http://gutocarvalho.net/dokuwiki/doku.php/squid_autenticando_em_ntlm