I got a user (whom I can trust) who uses an explicit proxy configuration:
there are no improvements.
The PAC we use is mostly made of a huge "if" which instructs the user's
browser to bypass the proxy and to go direct to some servers.
Here is the PAC:
function FindProxyForURL(url, host) {
    if (
        // These hosts are excluded from the bypass list below,
        // so they always go through the proxy.
        !(
            host.indexOf('www.ifp.fr') == 0
            || host.indexOf('validation.ifp.fr') == 0
            || host.indexOf('project.ifp.fr') == 0
            || host.indexOf('ogst.ifp.fr') == 0
        )
        &&
        // Any other host matching one of these patterns bypasses the proxy.
        (
            isPlainHostName(host)
            || host.match('.ifp.fr')
            || host.match('.cegedim-srh.com')
            || host.match('.cegedim-srh.net')
            || host.match('.private.cegedim.com')
            || host.match('graphidoc.cvp.fr')
            || host.match('127.0.0.1')
            || host.match('192.168.9.204')
            || host.match('172.16')
            || host.match('172.17.2')
            || host.match('172.17.3')
            || host.match('172.20')
            || host.match('172.29')
            || host.match('172.30')
            || host.match('172.31')
            || host.match('192.168.1')
            || host.match('156.118')
            || host.match('83.173.66.219')
            || host.match('89.148.17.193')
            || host.match('194.5.133')
            || host.match('194.5.134')
            || host.match('80.94.191')
        )
    )
        return "DIRECT";
    // Everything else is sent to the proxy.
    return "PROXY 192.168.9.200:3328";
}
I tried to avoid the use of calls which cause DNS lookups (hence the
host.match() and host.indexOf()).
Ionel
Henrik Nordstrom wrote:
> Is there any difference if you configure the proxy explicitly without
> using a PAC?
>
> Do you have any rules in the PAC depending on destination IP of the
> requested server?
>
>
> On Fri, 2008-06-06 at 08:56 +0200, Ionel GARDAIS wrote:
>
>> Configured proxy for now.
>> I'm doing some network to see how I can use squid in transparent
>> interception without breaking the exclude rules from the current PAC we
>> use.
>>
>> Ionel
>>
>>
>> Henrik Nordstrom wrote:
>>
>>> Configured proxy, or transparent interception?
>>>
>>>
>>> On fre, 2008-06-06 at 08:29 +0200, Ionel GARDAIS wrote:
>>>
>>>
>>>> DNS issues ... client side ? proxy side ?
>>>> clients resolve to Windows Server 2003 DNS for internal domain names.
>>>> These servers forward to DMZ DNS (running bind) for internal view of
>>>> the DNS (private IPs). DMZ DNS forward to the world for all internet
>>>> name resolution.
>>>> The squid box uses the DMZ DNS.
>>>>
>>>> Thanks,
>>>> Ionel
>>>>
>>>> Henrik Nordstrom wrote:
>>>>
>>>>
>>>>> On Thu, 2008-06-05 at 19:10 +0200, GARDAIS Ionel wrote:
>>>>>
>>>>>
>>>>>
>>>>>> After rereading my post, I saw that I did not finish a line :
>>>>>> "[...] cache-misses median service times are around 200ms and cache-hits are around 3ms" but we often see a 10-second lag for browser to start loading the page.
>>>>>>
>>>>>>
>>>>>>
>>>>> That's usually DNS issues. For example if you have two DNS servers
>>>>> configured where one can not resolve external names...
>>>>>
>>>>> Regards
>>>>> Henrik
>>>>>
>>>>>
>>>>>
>>>> --
>>>> Ionel GARDAIS
>>>> System-Network Engineer
>>>>
>>>>
-- Ionel GARDAIS System-Network Engineer
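
Added example, not part of the original message or the site's PAC file: String.prototype.match() compiles a string argument as an unanchored regular expression, so the patterns in the PAC above send more hosts DIRECT than their spelling suggests. The sketch compares them with escaped, anchored equivalents that still trigger no DNS lookup. The intended meaning of each pattern (domain suffix, exact address, dotted prefix) and all sample hosts are assumptions.

```javascript
// Subset of the patterns from the PAC file above.
const PAC_PATTERNS = ['.ifp.fr', 'graphidoc.cvp.fr', '127.0.0.1', '172.16', '172.17.2'];

// Current behaviour: match() compiles a string argument with new RegExp(),
// so '.' matches any character and the pattern may match anywhere in host.
function looseBypass(host) {
  return PAC_PATTERNS.some((p) => host.match(p) !== null);
}

// Escape regex metacharacters so a pattern is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Assumed intent (not stated in the thread): '.name' is a domain suffix,
// four octets are one exact address, fewer octets are a dotted prefix.
function strictRegExp(p) {
  const lit = escapeRegExp(p);
  if (/^\d+(\.\d+)*$/.test(p)) {
    return p.split('.').length === 4
      ? new RegExp('^' + lit + '$')
      : new RegExp('^' + lit + '\\.');
  }
  return p.startsWith('.')
    ? new RegExp(lit + '$', 'i')
    : new RegExp('^' + lit + '$', 'i');
}

const STRICT = PAC_PATTERNS.map(strictRegExp);

// Still pure string matching, so no DNS lookup is triggered.
function strictBypass(host) {
  return STRICT.some((re) => re.test(host));
}

// Hosts the current patterns send DIRECT that the anchored ones would not.
function unintendedBypass(hosts) {
  return hosts.filter((h) => looseBypass(h) && !strictBypass(h));
}

// Constructed sample hosts, for illustration only.
const SAMPLE_HOSTS = [
  'intranet.ifp.fr', '172.16.4.20', '172.17.2.9', '127.0.0.1',
  'a.ifp.fr.example.net', '10.172.16.9', '172.160.1.1',
  'cdn172x16.example.com', '172.17.20.5', 'www.example.org',
];

console.log(unintendedBypass(SAMPLE_HOSTS));
```

Each host printed is one that skips the proxy, and with it the proxy's logging and filtering, under the current patterns only.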
This archive was generated by hypermail 2.2.0 : Sat Jun 07 2008 - 12:00:03 MDT