Acesso a https, pricipalmente governo lentos [RESOLVIDO]

1. Acesso a https, pricipalmente governo lentos [RESOLVIDO]

Fernanda Montovani Albuquerk
fernanda_mon

(usa Debian)

Enviado em 11/12/2017 - 11:33h

Bom dia Meninos,

estou com problema em meu server, o acesso a paginas https, sendo principalmente do governo, estão muito lentos, algum poderia me dar uma dica?

segue meu squid.conf

##########################################
##ARQUIVO DE CONFIGURAÇÃO DO SQUID 3.4.8##
##########################################
# ------------------------

#PORTA DE ACESSO AO PROXY#
http_port 192.168.100.1:5005
visible_hostname Rede-JL
#-------------------------

#PARAMETROS DE AUTENTICAÇÃO#
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/cadastro
auth_param basic children 5
auth_param basic realm JL - Digite seu LOGIN e SENHA de Internet!
auth_param basic credentialsttl 1 hours
auth_param basic casesensitive off

forward_max_tries 50 #Tenta os primeiros 200 ips do endereço

cache_mgr [email protected]
error_directory /usr/share/squid/errors/pt-br/

#dns_nameservers 127.0.0.1

cache_mem 4000 MB
half_closed_clients off
maximum_object_size_in_memory 256 KB
maximum_object_size 20 MB
minimum_object_size 10 KB
cache_swap_low 90
cache_swap_high 95

# POLITICAS DE REPOSICAO
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_mgr not_to_be_disturbed

#FIX
ipcache_low 98
ipcache_high 99
ipcache_size 16378

quick_abort_min -1 KB
quick_abort_max 0 KB
quick_abort_pct 90

memory_pools on
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern -i (/cgi-bin/|\?) 15 0% 2280
refresh_pattern . 15 0% 2280

#-------------------------
cache_effective_user proxy
coredump_dir /var/spool/squid
cache_dir diskd /var/dados/spool/squid/squid0 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid1 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid2 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid3 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid4 30000 32 256 Q1=64 Q2=72
cache_dir diskd /var/dados/spool/squid/squid5 30000 32 256 Q1=64 Q2=72

cache_access_log /var/dados/log/squid/access.log
cache_log /var/dados/log/squid/cache.log
cache_store_log /var/dados/log/squid/store.log

server_persistent_connections off
client_persistent_connections off

## AUTENTICACAO ##
acl usuarios proxy_auth REQUIRED
#http_access allow usuarios
acl purge method PURGE
#http_access allow purge localhost
http_access deny purge
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 82 # http nbs
acl Safe_ports port 85 # http nbs
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 365 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # mntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 809 #
acl Safe_ports port 3334 # despachanre
acl Safe_ports port 3456 #Sped Fiscal
acl Safe_ports port 3497 #Sped Fiscal
acl Safe_ports port 8080
acl Safe_ports port 9090
acl Safe_ports port 901 # swat
acl Safe_ports port 1011
acl Safe_ports port 1012
acl Safe_ports port 3050 # bradesco
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 1158
acl Safe_ports port 1088
acl Safe_ports port 1707
acl Safe_ports port 1311
acl Safe_ports port 5001
acl Safe_ports port 4041
acl Safe_ports port 8086
acl Safe_ports port 10000

http_access deny !Safe_ports
acl connect method CONNECT
#http_access deny connect !SSL_ports

#Cache geral
refresh_pattern -i \.index.(html|htm|php|jsp|jsf|js|asp)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js|asp|php|jsp|jsf)$ 1440 40% 40320
refresh_pattern -i .(gif|png|jpg|ico|bmp|tiff|jpeg)$ 720 100% 7200 override-expire override-lastmod reload-into-ims ignore-private
refresh_pattern -i .(apk|rpm|deb|exe|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 720 100% 7200 override-expire override-lastmod reload-into-ims ignore-private
refresh_pattern -i .(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 720 100% 7200 override-expire override-lastmod reload-into-ims ignore-private

#Cache windowsupdate
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern http://www.download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern http://www.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern cache.pack.google.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern http://www.update.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern wwww.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

refresh_pattern -i .*microsoft\.com/.*\.(cab|exe|msi|msp|octet-stream|vnd.ms-cab-compressed) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private
refresh_pattern -i .*windowsupdate\.com/.*\.(cab|exe|msi|msp|vnd.ms-cab-compressed|octet-stream) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private
refresh_pattern -i .*debian\.com/.*\.(tar|bz|bz2|gpg|gz|zip|deb) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private
refresh_pattern -i .*adobe\.com/.*\.(exe|msi) 129600 100% 129600 override-expire override-lastmod reload-into-ims ignore-reload ignore-private

refresh_pattern ([^.]+.|)avast.com/.*\.(vpu|vpaa|vpx) 4320 100% 43200 reload-into-ims

refresh_pattern ([^.]+.|)kaspersky.com/.*\.(vpu|vpaa|dif|xml|klz|kdc|dat|mft|ewi|pxi|cia|wau|uey|fbo|psn|n5t) 4320 100% 43200 reload-into-ims

########### Cache Videos ###########
refresh_pattern -i \.flv$ 4320 100% 43200 override-expire ignore-private
acl micropower dstdomain .micripower.com.br midia.micropwer.com.br
cache allow micropower
####################################

#####################################################################

#---------------------------

### SERVIDOR TERMINAL SERVER #################################################################
acl acessoserver src "/etc/squid/server/ip_bloqueado"
acl site_server url_regex -i "/etc/squid/server/site_server"
http_access allow site_server
http_access deny acessoserver !site_server

###########################################################
##INICIO DAS REGRAS DE CONTROLE PELO "/etc/squid/"##
###########################################################
acl governo url_regex -i "/etc/squid/sites/governo"
http_access allow governo

acl url_sem_cache url_regex -i "/etc/squid/sites/url_sem_cache"
always_direct allow url_sem_cache

acl bradesco url_regex "/etc/squid/sites/url_bradesco"
http_access allow all bradesco

#Departamento de TI
acl ti proxy_auth "/etc/squid/users/usr_ti"
http_access allow all ti

# BLOQUEIO DE EXTENCOES
#acl extencoes urlpath_regex -i "/etc/squid/extencoes"
#http_access deny extencoes

##############################NIVEL 1##############################

##ENDEREÇOS COM ACESSO IRRESTRÍTO##

acl noproxy url_regex "/etc/squid/sites/url_livre"
http_access allow all noproxy


##############################NIVEL 2##############################

##REGRAS DE USUÁRIOS SEM RESTRIÇÕES##

#Gerentes, marketing e tercerizados
acl livre proxy_auth "/etc/squid/users/usr_livre"
http_access allow all livre

#---------------------------
acl geral proxy_auth "/etc/squid/users/ex_usr/ex_geral"
acl url_geral url_regex "/etc/squid/sites/ex_url/ex_geral"
http_access allow geral url_geral

http_access deny all


bjs :)



  


2. MELHOR RESPOSTA

Alex Fernando
showd07

(usa Debian)

Enviado em 21/12/2017 - 10:09h

Olá,
em qualquer IP dentro do proxy esse tipo de site fica lento?
já tentou utilizar um IP que fica fora do proxy para ver se os sites ficam normal?
como está o seu iptables?
skype showd.dota





Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts