Re: [squid-users] eating cpu

From: Kancha . <[email protected]>
Date: Tue, 29 Jan 2002 01:05:38 -0800 (PST)

I'm using a Dell PowerEdge 2300 without RAID. I'm
using a SCSI HDD.

One of the reasons squid is consuming cpu is due to
nimda and codered. I've seen lots nimda and codered
requests in the log file.

So i put ACL to block the worms

acl nimda1 url_regex -i defaul.ida
and similar lines for root.exe and cmd.exe then
http_access deny nimda1 and similarly for the other
two acls

Despite this the requests aren't blocked. Whenever
there is work attack the cpu utilization just grows
rapidly.

If i could only block these worms i guess cpu
utilization would drop.

Currently I'm using ipchains to redirect port 80 to
3128 only for request coming from my network. My
clients are infected with these worms. I can't have
all my clients to clean nimda as it is impossible to
keep track of every client.

I've seen lots of people even in this list mention the
use of iptables, so i gues i'll switch to iptables as
well.

What should be the value of cache_mem for a server
with 256M RAM. Currently I'm using 8M. I was using 16M
previously.

--- pankaj patel <pankaj_surat@nettaxi.com> wrote:
> I was also facing the same problem, I was using
> Netfinity5000, I also tried
> on assambled pc(p3-500)
> Finally I mooved back to RHL6.2 (2.2.14-5.0)
> squid-2.3.STABLE1-5 and its
> working fine on both the machines.
>
> ----pp
>
> ----- Original Message -----
> From: "Peter Smith" <peter.smith@UTSouthwestern.edu>
> To: "Kancha ." <kancha2np@yahoo.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Monday, January 28, 2002 10:11 PM
> Subject: Re: [squid-users] eating cpu
>
>
> > Kancha:
> > It is entirely possible that you are using a Dell
> box that comes with
> > raid hardware which uses the aacraid driver. If
> so, most likely you
> > will have better luck downgrading to the 2.2
> kernel. That is what I've
> > had to do as I have 2 Dell Poweredge 2550s (with
> the aacraid driver.)
> > My theory is the 2.4 series has a buggy aacraid
> driver.
> >
> > Peter Smith
> > Linux Systems Administrator
> > University of Texas Southwestern Medical Center at
> Dallas
> > (USA) 214 648 3111
> > peter.smith@utsouthwestern.edu
> >
> >
> > Kancha . wrote:
> >
> > >I'm using squid as a transparent proxy on a RH
> 7.2
> > >machine. The hardware that i'm using is Dell
> Power
> > >Edge 2300 with 256Mb Ram and 6GB HDD. I've
> allocated
> > >2G for cache. I've 8M and cache_mem and I'm also
> > >running named on the server.
> > >
> > >Average requests / hr through the proxy is around
> > >22000. After about 2 hours the cpu is utilized
> more
> > >than 90% and the system gets really slow. The
> browsing
> > >get really slow. Despite the available bandwidth
> the
> > >browsing speed drastically decreases.
> > >
> > >Where have i gone wrong ?? I'm using ipchains and
> > >redirecting all my web traffic throuh the router.
> > >
> > >Under this circumstance what would be the idle
> > >configuration ??
> > >
> > >
 

__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
Received on Tue Jan 29 2002 - 02:05:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:58 MST