Acesso a https, pricipalmente governo lentos [RESOLVIDO]

removido
(usa Nenhuma)

Enviado em 11/12/2017 - 11:33h

Bom dia Meninos,

estou com problema em meu server, o acesso a paginas https, sendo principalmente do governo, estão muito lentos, algum poderia me dar uma dica?

segue meu squid.conf

##########################################
##ARQUIVO DE CONFIGURAÇÃO DO SQUID 3.4.8##
##########################################
# ------------------------

#PORTA DE ACESSO AO PROXY#
http_port 192.168.100.1:5005
visible_hostname Rede-JL
#-------------------------

#PARAMETROS DE AUTENTICAÇÃO#
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/cadastro
auth_param basic children 5
auth_param basic realm JL - Digite seu LOGIN e SENHA de Internet!
auth_param basic credentialsttl 1 hours
auth_param basic casesensitive off

forward_max_tries 50 #Tenta os primeiros 200 ips do endereço

cache_mgr suporte@jl.com.br
error_directory /usr/share/squid/errors/pt-br/

#dns_nameservers 127.0.0.1

cache_mem 4000 MB
half_closed_clients off
maximum_object_size_in_memory 256 KB
maximum_object_size 20 MB
minimum_object_size 10 KB
cache_swap_low 90
cache_swap_high 95

# POLITICAS DE REPOSICAO
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_mgr not_to_be_disturbed

#FIX
ipcache_low 98
ipcache_high 99
ipcache_size 16378

quick_abort_min -1 KB
quick_abort_max 0 KB
quick_abort_pct 90

memory_pools on
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern -i (/cgi-bin/|\?) 15 0% 2280
refresh_pattern . 15 0% 2280

#-------------------------
cache_effective_user proxy
coredump_dir /var/spool/squid
cache_dir diskd /var/dados/spool/squid/squid0 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid1 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid2 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid3 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid4 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid5 30000 32 256 Q1=64 Q2=72

cache_access_log /var/dados/log/squid/access.log
cache_log /var/dados/log/squid/cache.log
cache_store_log /var/dados/log/squid/store.log

server_persistent_connections off
client_persistent_connections off

## AUTENTICACAO ##
acl usuarios proxy_auth REQUIRED
#http_access allow usuarios
acl purge method PURGE
#http_access allow purge localhost
http_access deny purge
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 82 # http nbs
acl Safe_ports port 85 # http nbs
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 365 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # mntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 809 #
acl Safe_ports port 3334 # despachanre
acl Safe_ports port 3456 #Sped Fiscal
acl Safe_ports port 3497 #Sped Fiscal
acl Safe_ports port 8080
acl Safe_ports port 9090
acl Safe_ports port 901 # swat
acl Safe_ports port 1011
acl Safe_ports port 1012
acl Safe_ports port 3050 # bradesco
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 1158
acl Safe_ports port 1088
acl Safe_ports port 1707
acl Safe_ports port 1311
acl Safe_ports port 5001
acl Safe_ports port 4041
acl Safe_ports port 8086
acl Safe_ports port 10000

http_access deny !Safe_ports
acl connect method CONNECT
#http_access deny connect !SSL_ports

#Cache geral
refresh_pattern -i \.index.(html|htm|php|jsp|jsf|js|asp)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js|asp|php|jsp|jsf)$ 1440 40% 40320
refresh_pattern -i .(gif|png|jpg|ico|bmp|tiff|jpeg)$ 720 100% 7200 override-expire override-lastmod reload-into-ims ignore-private
refresh_pattern -i .(apk|rpm|deb|exe|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 720 100% 7200 override-expire override-lastmod reload-into-ims ignore-private
refresh_pattern -i .(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 720 100% 7200 override-expire override-lastmod reload-into-ims ignore-private

#Cache windowsupdate
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern http://www.download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern http://www.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern cache.pack.google.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern http://www.update.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern wwww.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

refresh_pattern -i .*microsoft\.com/.*\.(cab|exe|msi|msp|octet-stream|vnd.ms-cab-compressed) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private
refresh_pattern -i .*windowsupdate\.com/.*\.(cab|exe|msi|msp|vnd.ms-cab-compressed|octet-stream) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private
refresh_pattern -i .*debian\.com/.*\.(tar|bz|bz2|gpg|gz|zip|deb) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private
refresh_pattern -i .*adobe\.com/.*\.(exe|msi) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private

refresh_pattern ([^.]+.|)avast.com/.*\.(vpu|vpaa|vpx) 4320 100% 43200 reload-into-ims

refresh_pattern ([^.]+.|)kaspersky.com/.*\.(vpu|vpaa|dif|xml|klz|kdc|dat|mft|ewi|pxi|cia|wau|uey|fbo|psn|n5t) 4320 100% 43200 reload-into-ims

########### Cache Videos ###########
refresh_pattern -i \.flv$ 4320 100% 43200 override-expire ignore-private
acl micropower dstdomain .micripower.com.br midia.micropwer.com.br
cache allow micropower
####################################

#####################################################################

#---------------------------

### SERVIDOR TERMINAL SERVER #################################################################
acl acessoserver src "/etc/squid/server/ip_bloqueado"
acl site_server url_regex -i "/etc/squid/server/site_server"
http_access allow site_server
http_access deny acessoserver !site_server

###########################################################
##INICIO DAS REGRAS DE CONTROLE PELO "/etc/squid/"##
###########################################################
acl governo url_regex -i "/etc/squid/sites/governo"
http_access allow governo

acl url_sem_cache url_regex -i "/etc/squid/sites/url_sem_cache"
always_direct allow url_sem_cache

acl bradesco url_regex "/etc/squid/sites/url_bradesco"
http_access allow all bradesco

#Departamento de TI
acl ti proxy_auth "/etc/squid/users/usr_ti"
http_access allow all ti

# BLOQUEIO DE EXTENCOES
#acl extencoes urlpath_regex -i "/etc/squid/extencoes"
#http_access deny extencoes

##############################NIVEL 1##############################

##ENDEREÇOS COM ACESSO IRRESTRÍTO##

acl noproxy url_regex "/etc/squid/sites/url_livre"
http_access allow all noproxy


##############################NIVEL 2##############################

##REGRAS DE USUÁRIOS SEM RESTRIÇÕES##

#Gerentes, marketing e tercerizados
acl livre proxy_auth "/etc/squid/users/usr_livre"
http_access allow all livre

#---------------------------
acl geral proxy_auth "/etc/squid/users/ex_usr/ex_geral"
acl url_geral url_regex "/etc/squid/sites/ex_url/ex_geral"
http_access allow geral url_geral

http_access deny all


bjs :)