are you taking about the delay pools rules?
also if it's a proxy that is open to the internet i would limit the
access to port 3128 to only lan.
your http_access rules are allowing anyone to use the proxy for the
whitelist.
Regards,
Eliezer
On 24/04/2012 09:06, Muhammad Yousuf Khan wrote:
> ok i just disabled all the rules and it works for me now ill test
> which rule is making a problem and let you know also.
>
> Thanks
>
> On Mon, Apr 23, 2012 at 11:20 PM, Muhammad Yousuf Khan<sirtcp_at_gmail.com> wrote:
>> here is the log for bbc.co.uk . first and last msg of log
>>
>> so you can see the time delay.
>>
>> 335205033.183 841 10.51.100.240 TCP_MISS/200 24506 GET
>> http://www.bbc.co.uk/ - DIRECT/212.58.244.66 text/html
>> 1335205057.936 328 10.51.100.240 TCP_REFRESH_HIT/304 435 GET
>> http://static.bbci.co.uk/wwhomepage-3.5/1.0.41/img/broadcast-sprite.png
>> - DIRECT/80.239.148.70 image/png
>>
>>
>> On Mon, Apr 23, 2012 at 11:12 PM, Muhammad Yousuf Khan<sirtcp_at_gmail.com> wrote:
>>> Here you go with my squid.conf
>>>
>>> acl all src all
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/32
>>> acl to_localhost dst 127.0.0.0/8
>>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>> acl SSL_ports port 443 # https
>>> acl SSL_ports port 563 # snews
>>> acl SSL_ports port 873 # rsync
>>> acl Safe_ports port 80 # http
>>> acl Safe_ports port 21 # ftp
>>> acl Safe_ports port 443 # https
>>> acl Safe_ports port 70 # gopher
>>> acl Safe_ports port 210 # wais
>>> acl Safe_ports port 1025-65535 # unregistered ports
>>> acl Safe_ports port 280 # http-mgmt
>>> acl Safe_ports port 488 # gss-http
>>> acl Safe_ports port 591 # filemaker
>>> acl Safe_ports port 777 # multiling http
>>> acl Safe_ports port 631 # cups
>>> acl Safe_ports port 873 # rsync
>>> acl Safe_ports port 901 # SWAT
>>> acl purge method PURGE
>>> acl CONNECT method CONNECT
>>>
>>> # sqstat
>>> acl manager proto cache_object
>>> acl webserver src 10.51.100.206/255.255.255.255
>>> http_access allow manager webserver
>>> http_access deny manager
>>>
>>>
>>>
>>> # Skype
>>> acl numeric_IPs dstdom_regex
>>> ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
>>> acl Skype_UA browser ^skype
>>> acl validUserAgent browser \S+
>>>
>>> # for cheetah only
>>>
>>> #acl usman src 10.51.100.107
>>> #delay_pools 1
>>> #delay_class 1 1
>>> #delay_parameters 1 22000/22000
>>> #delay_access 1 allow usman
>>>
>>>
>>>
>>> #-------------Allow All ACL-------------
>>> acl aci_lan src 10.51.100.0/24
>>> acl aci_general src 10.51.100.0/24
>>>
>>>
>>> #----My ip
>>> acl my_ip src 10.51.100.240
>>> http_access allow my_ip
>>>
>>>
>>>
>>> # Testing delay pool
>>> delay_pools 1
>>> delay_class 1 1
>>> delay_parameters 1 22000/10240000
>>> delay_access 1 allow aci_general
>>>
>>>
>>>
>>>
>>> #---------------------Assurety Whitelist---------------
>>> acl aci_whitelist dstdomain "/blocklist/aci_list/whitelist"
>>> http_access allow aci_whitelist
>>>
>>> #--Senior Allow Domainlist------------------------------
>>> acl aci_seniors dstdomain "/blocklist/aci_list/whitelist_seniors"
>>> #---------------------------------------------------------#See
>>> implimentation in ACI implimentation section
>>>
>>> #--------------------Assurety Hard_Block--------------
>>> acl aci_hard_block dstdomain "/blocklist/aci_list/hard_block_domains"
>>> http_access deny aci_hard_block
>>>
>>> #--------------------Hard_Block EXE and E.T.C---------------------
>>> #acl mime_block_hard rep_mime_type -i "/blocklist/aci_list/hard_mime_block"
>>> #http_reply_access deny mime_block_hard
>>>
>>>
>>> #--General------Streaming Block------------------------------
>>> acl mime_block rep_mime_type -i "/blocklist/aci_list/time_mime_block"
>>>
>>> #--General Domainlist------------------------------
>>> acl aci_dest dstdomain "/blocklist/aci_list/time_block_domains"
>>>
>>> #--Seniors MAC list mouting------------------------------
>>> acl aci_mac_seniors arp "/blocklist/aci_list/mac_list_seniors"
>>>
>>> #--General Timing------------ Normal Days Working hours--------------
>>> acl aci_working_hours time MTWH 10:04-13:04
>>> acl aci_working_hours time MTWH 14:04-18:04
>>> #--General Timing-------------Friday------------------------
>>> acl aci_working_hours time F 10:04-13:04
>>> acl aci_working_hours time F 15:04-18:04
>>>
>>> #--General/Seniors-------------Implimentation------------------
>>> http_access allow aci_seniors aci_mac_seniors
>>> http_access deny aci_dest aci_working_hours aci_general
>>> http_reply_access deny mime_block aci_working_hours aci_general !my_ip
>>>
>>> #skype deny
>>> http_access deny numeric_IPS aci_working_hours
>>> http_access deny Skype_UA aci_working_hours
>>> http_access deny !validUserAgent aci_working_hours
>>>
>>>
>>>
>>>
>>>
>>> #Error Directory by Ykhan
>>> error_directory /usr/share/squid/errors/en-us/
>>> #------------------------TheEnd----------------------
>>> http_access allow aci_lan
>>>
>>>
>>>
>>> http_access allow manager localhost
>>> http_access deny manager
>>> http_access allow purge localhost
>>> http_access deny purge
>>> http_access deny !Safe_ports
>>> http_access deny CONNECT !SSL_ports
>>> http_access allow localhost
>>> http_access deny all
>>> icp_access allow localnet
>>> icp_access deny all
>>> http_port 3128
>>> hierarchy_stoplist cgi-bin ?
>>> access_log /var/log/squid/access.log squid
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>> refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
>>> refresh_pattern . 0 20% 4320
>>> acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
>>> upgrade_http0.9 deny shoutcast
>>> acl apache rep_header Server ^Apache
>>> broken_vary_encoding allow apache
>>> extension_methods REPORT MERGE MKACTIVITY CHECKOUT
>>> hosts_file /etc/hosts
>>> coredump_dir /var/spool/squid
>>>
>>> ##ykhan squid redirection to squidguard
>>>
>>> #redirect_program /usr/bin/squidGuard
>>> #url_rewrite_program /usr/bin/squidGuard
>>> #url_rewrite_children 5
>>>
>>>
>>> On Mon, Apr 23, 2012 at 8:42 PM, Eliezer Croitoru<eliezer_at_ngtech.co.il> wrote:
>>>> On 23/04/2012 18:38, Muhammad Yousuf Khan wrote:
>>>>>
>>>>> well i have been experiencing slow Internet browsing. not very slow
>>>>> but comparatively slower then IPCOP firewall. i can not understand how
>>>>> come i diagnose the issue.
>>>>> i mean. i increase the RAM , i checked the DNS every thing is fine but
>>>>> my browser stuck at "connecting" ones it start download it do it fast
>>>>> but then stop for something then start. i am not getting the clear
>>>>> picture. can anyone help
>>>>>
>>>>> i am suing debian 6.0.4 with 2.7 stable squid.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> MYK
>>>>
>>>> what is your exact problem? slow downloads?
>>>> what is your squid setup?transparent ?regular forward proxy?
>>>> what browser are you using?
>>>> do you have some squid logs? or squid.conf?
>>>> what dns server are you using?
>>>>
>>>> Regards,
>>>> Eliezer
>>>>
>>>> --
>>>> Eliezer Croitoru
>>>> https://www1.ngtech.co.il
>>>> IT consulting for Nonprofit organizations
>>>> eliezer<at> ngtech.co.il
-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.ilReceived on Tue Apr 24 2012 - 08:11:39 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 24 2012 - 12:00:04 MDT