Proxy
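Squid needs 2 minutes to cache a small pdf
The problem we are having is that certain PDFs from a specific URL take a very long time to display. Squid seems to take a very long time (more than 2 minutes) to cache 110kb. If I browse this PDF without going through Squid, it works perfectly.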
1359106030.833 120114 160.85.85.46 TCP_MISS/200 116194 GET http://www2.zhlex.zh.ch/appl/zhlex_r.nsf/0/9429732E0BEDB5EDC12574C60044A4CC/$file/xxx.pdf - DIRECT/195.65.218.66 application/pdf
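You can also see the gap in the tcpdump.
It occurs on our Squid 3.1, but also on Squid 3.2. It only appears with PDFs from that URL. Other PDFs work fine.
It can't be their server, because it runs smoothly without going through the proxy.
Here is our sanitized configuration. It was taken over from an older Squid version and has not been tuned since.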
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl bigip src xx.xx.xx.xx/32
acl to_localhost dst 127.0.0.0/8
acl monhost src xx.xx.xx.xx/32
acl srv-ts-057 src xx.xx.xx.xx/32
acl srv-ts-058 src xx.xx.xx.xx/32
acl snmppublic snmp_community Fast3thernet
acl xxnet src xx.xx.xx.xx/16 # xx
acl xxnet src xx.xx.xx.xx/32 # HSWNAT
acl xxnet src xx.xx.xx.xx/16 # VoIP
acl xxnet src xx.xx.xx.xx/22 # HAP
acl xxnet src xx.xx.xx.xx/22 # HSSAZ
acl xxnet src xx.xx.xx.xx/24 # Management Netz 1
acl xxnet src xx.xx.xx.xx/24 # Management Netz 2
acl xxnet src xx.xx.xx.xx/24 # FET-DEV
acl xxnet src xx.xx.xx.xx/24 # FET-TEST
acl xxnet src xx.xx.xx.xx/24 # BET-DEV
acl xxnet src xx.xx.xx.xx/24 # BET-TEST
acl xxnet src xx.xx.xx.xx/24 # FET-VDP
acl xxnet src xx.xx.xx.xx/24 # FET-VDP
acl STAFFMGR src xx.xx.xx.xx/26
acl SSL_ports port 443 8443 28443 50001
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl MONxxCH dstdomain mon.xx.ch
acl ZREG dstdomain zreg.xx.ch
acl PUT method PUT
http_access allow PUT xxnet
http_access deny PUT
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
acl PROPFIND method PROPFIND
http_access allow PROPFIND srv-ts-057
http_access allow PROPFIND srv-ts-058
http_access deny PROPFIND
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !STAFFMGR MONxxCH
http_access deny !STAFFMGR ZREG
http_access allow xxnet
http_access deny all
icp_access deny all
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow bigip
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
http_port 160.85.104.11:8080
hierarchy_stoplist cgi-bin ?
cache_mem 768 MB
maximum_object_size_in_memory 32 KB
cache_dir ufs /var/cache/squid 25000 64 256
coredump_dir /var/cache/squid
#access_log /var/log/squid/access.log
#cache_log /var/log/squid/cache.log
cache_store_log none
#pid_filename /var/run/squid.pid
ftp_user wwwuser@xx.ch
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
request_timeout 30 seconds
cache_mgr servicedesk@xx.ch
#mail_from squid@srv-app-901.xx.ch
#mail_program /usr/local/bin/mutt
cache_effective_user squid
cache_effective_group squid
httpd_suppress_version_string on
visible_hostname srv-app-901.xx.ch
unique_hostname srv-app-901.xx.ch
snmp_port 3401
snmp_access allow snmppublic monhost
snmp_access deny all
snmp_incoming_address xx.xx.xx.xx
snmp_outgoing_address 255.255.255.255
icp_port 0
allow_underscore off
dns_retransmit_interval 3 seconds
dns_timeout 1 minute
dns_nameservers xx.xx.xx.xx
append_domain .xx.ch
max_filedescriptors 8192
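Any idea what is causing this?
Problem solved!
I found that the command "host www2.zhlex.zh.ch" ends in a timeout. Squid first looks up the AAAA record (IPv6), but we do not use IPv6. It takes 2 minutes to time out and then look for the A record.
I disabled IPv6 on the system, and I added the following lines to squid.conf to force the use of IPv4: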
acl to_ipv6 dst ipv6
tcp_outgoing_address <your_proxy_ipv4_address> !to_ipv6
Now everything works fine!
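Added example, not part of the original post: a Python scan of Squid native-format access.log lines for the symptom in the question (a cache miss that takes a long time for very few bytes), grouped by destination host so that resolver stalls like the AAAA timeout stand out. The thresholds are assumptions, and every sample line except the first is constructed.

```python
# Added example (not from the original post). Thresholds are assumptions.
from collections import defaultdict
from urllib.parse import urlsplit

# First line is the access.log entry quoted in the question; the other three
# are constructed sample data for contrast.
SAMPLE_LOG = """\
1359106030.833 120114 160.85.85.46 TCP_MISS/200 116194 GET http://www2.zhlex.zh.ch/appl/zhlex_r.nsf/0/9429732E0BEDB5EDC12574C60044A4CC/$file/xxx.pdf - DIRECT/195.65.218.66 application/pdf
1359106031.102 184 192.0.2.10 TCP_MISS/200 98211 GET http://example.org/doc/a.pdf - DIRECT/198.51.100.7 application/pdf
1359106040.420 95 192.0.2.11 TCP_HIT/200 20480 GET http://example.org/img/logo.png - NONE/- image/png
1359106055.007 45210 192.0.2.12 TCP_MISS/200 734003200 GET http://example.net/iso/big.iso - DIRECT/203.0.113.9 application/octet-stream
"""


def parse_line(line):
    """Parse one entry of Squid's native access.log format, or return None."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        elapsed_ms, size = int(f[1]), int(f[4])
    except ValueError:
        return None
    result, _, status = f[3].partition("/")
    host = urlsplit(f[6]).hostname or f[6].split(":")[0]  # CONNECT logs host:port
    return {"elapsed_ms": elapsed_ms, "result": result, "status": status,
            "bytes": size, "host": host, "peer": f[8]}


def find_stalls(log_text, min_elapsed_ms=30_000, max_bytes_per_s=50_000):
    """Return {host: [(elapsed_ms, bytes, peer), ...]} for slow, low-throughput misses."""
    stalls = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or "MISS" not in e["result"]:
            continue  # hits are served from cache, so no DNS lookup or origin fetch
        if e["elapsed_ms"] < min_elapsed_ms:
            continue
        # Long elapsed time alone is not enough: a large download is slow but
        # healthy. Require low throughput as well.
        rate = e["bytes"] / (e["elapsed_ms"] / 1000)
        if rate < max_bytes_per_s:
            stalls[e["host"]].append((e["elapsed_ms"], e["bytes"], e["peer"]))
    return dict(stalls)


if __name__ == "__main__":
    for host, hits in find_stalls(SAMPLE_LOG).items():
        print(host, hits)
```

A host that shows up here repeatedly with ordinary object sizes is a candidate for the same `host <name>` check used in the answer.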