Squid 4.14 and helpers use 100% of CPU #111
Comments
Hi again,

Our configuration is a bit complex, but I inherited it from my predecessor. And we have some policies in here as well.

squid.config:

```
dns_nameservers 10.147.x.y 10.147.x.z
#cache_dir aufs /cygdrive/d/squidcachedir/cache 3000 16 256
cache_mem 1 GB
coredump_dir /var/cache/squid
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
auth_param basic program D:/Squid/lib/squid/basic_ldap_auth.exe -b "DC=xxx,DC=yyy,DC=zz" -R -D "CN=ssss,OU=pppp,OU=qqqq,OU=rrrr,DC=uuu,DC=www,DC=xxx" -f (sAMAccountName=%s) -w "password" -h 10.147.d.e -p 389
auth_param basic children 10 startup=5 idle=5
refresh_pattern ^ftp: 1440 20% 10080
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl INSIDE_IP dst 10.147.x.0/23
acl SSL_ports port 443 563 7770 8000
acl Safe_ports port 80 8080 # http
acl blacklist url_regex "D:/Squid/etc/squid/black_new.list"
acl BannedExe url_regex -i .(exe|m3u|mp2|mp3|ra|ram|rm|viv|vivo|vob|vqf|wav|wma|vbs|shs|pif|tar|ace|com)($|?)
external_acl_type ldap_group children-startup=10 children-max=15 children-idle=10 %LOGIN D:/Squid/lib/squid/ext_ldap_group_acl.exe -D "CN=ssss,OU=pppp,OU=qqqq,OU=rrrr,DC=uuu,DC=www,DC=xx" -w "password" -b "CN=Users,DC=uuu,DC=www,DC=xx" -f "(&(cn=%g)(member=%u)(objectClass=group))" -F "(sAMAccountName=%s)" -B "DC=uuu,DC=www,DC=xx" -h 10.147.161.209 -p 3268
acl everyone proxy_auth REQUIRED
acl Comp_ProxyUsers external ldap_group SW_Proxy
http_access allow localhost manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl wuCONNECT dstdomain www.update.microsoft.com
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
http_access allow goldlist
```

Can you see anything bad in it?
Hello Cezary, I am very sorry we only package the application into MSI - so can only support issues related to the installation.
Hi Rafael, Sorry to hear that... So, I will try on the squid-cache org site. Maybe somebody had a similar issue and will share the solution? BR
I know this is old, but one thing it could be, seeing as you went from Server 2008 to 2019, might be:

A.) Windows Defender on-access scanner aggressively checking the Squid app files and logs.

B.) 2019 is a more demanding OS; if the underlying hardware spec is the same, or similar, a slower response is to be expected.

C.) As a test, you could install Win Server 2008 in a VM, run the same version of Squid, and see if it still hogs the CPU with your config. That would be the fairest test and accurately tell you whether the Squid version differences really are the only culprit.

D.) The ordering / sequence of your rules might be playing a role. Go over it with a fine-tooth comb and ensure none are repeating rules, as well as seeing if any rules can be combined for efficiency. For example, "www.microsoft.com" and "microsoft.com" as 2 rules is the same as saying ".microsoft.com" in a single rule (you might find many can be reduced - if unsure, or for a super quick glance without you having to check yourself, throw your config into chatgpt.com or at least give it your list of block and allow rules and ask if they can be optimized).
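The rule review suggested in point D can be done offline. The script below is an added example, not part of the thread or of the Squid for Windows project: it reports `dstdomain` values that a leading-dot entry in the same ACL already matches (in Squid, `.example.com` matches the domain and all of its subdomains). The sample config and the ACL name `allowed_sites` are constructed for illustration.

```python
"""Flag dstdomain entries that a wildcard in the same Squid ACL already matches."""
from collections import defaultdict

# Constructed sample config; "allowed_sites" is a hypothetical ACL name.
SAMPLE_CONF = """\
acl allowed_sites dstdomain www.microsoft.com microsoft.com
acl allowed_sites dstdomain .update.microsoft.com download.windowsupdate.com
acl allowed_sites dstdomain .microsoft.com   # added later, covers most of the above
acl wuCONNECT dstdomain www.update.microsoft.com
http_access allow allowed_sites
"""

def parse_dstdomain(conf_text):
    """Collect dstdomain values per ACL name; comments, flags and file references are skipped."""
    acls = defaultdict(list)
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 4 and tokens[0] == "acl" and tokens[2] == "dstdomain":
            acls[tokens[1]] += [t.lower() for t in tokens[3:] if t[0] not in '-"']
    return acls

def covered_by(entry, wildcard):
    """True if `entry` is matched by the leading-dot value `wildcard`."""
    base = wildcard[1:]
    host = entry.lstrip(".")
    return host == base or host.endswith("." + base)

def redundant_entries(domains):
    """Map each redundant entry to the shortest wildcard in the same ACL that covers it."""
    wildcards = sorted({d for d in domains if d.startswith(".")}, key=len)
    found = {}
    for entry in dict.fromkeys(domains):          # keep order, drop exact repeats
        for wc in wildcards:
            if entry != wc and covered_by(entry, wc):
                found[entry] = wc
                break
    return found

def lint(conf_text):
    """Return {acl_name: {redundant_entry: covering_wildcard}} for ACLs with findings."""
    report = {}
    for name, domains in parse_dstdomain(conf_text).items():
        hits = redundant_entries(domains)
        if hits:
            report[name] = hits
    return report

if __name__ == "__main__":
    for acl, hits in lint(SAMPLE_CONF).items():
        for entry, wc in hits.items():
            print(f"{acl}: {entry} is already matched by {wc}")
```

Entries reported here can be removed without changing what the ACL matches. Replacing specific hosts with a new wildcard is a different change: it widens the match to every subdomain, which matters on an allow list.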
Dear Team,
We used to run Squid 2.5.4 on Windows Server 2008 R2. It was working like a charm!
Thanks a lot!
Since we migrated to Win 2019 on a Hyper-V node, we have started using a newer version of Squid, too.
The configuration was copied from the old one, with some minor updates.
We use AD Basic Authentication and LDAP lookup for group membership as well.
It works very well... for up to a couple of hours, and then it starts to use all the CPU.
Any thoughts?
Best regards
Cezary
PS. I would like to add a screenshot, but... I don't know how :(