> New to the list. I'm sorry if this stuff is covered in a=20
> list FAQ somewhere
> that I'm unable to find. I have 3 main questions about the=20
> wonderful squid
> cache.



> 1. I want to analyze my squid logs graphically in terms of TCP_HIT,
> and other codes from the logs. I'm sure there's something=20
> out there to do
> it already that I'm just not aware of.

Look for various tools available in :


Also check the squid FAQ as on how to use Squid with MRTG.

> 2. Also, we've been feeling the brunt of all the new Welchia=20
> variants that
> try
> port 80 attacks through random, high-frequency portscanning,=20
> which saps our
> squid caches of file descriptors. From doing some previous=20
> list reading, I
> have set half_closed_connections to off, as well as client_persistent
> connections to off. I didn't turn server_persistent to off,=20
> because, well,
> it sounds important. Am I being a pansy for not doing this? I'm also

Although a personal opinion ; I think so yes. The kind of attacks
you describe should be handled by perimeter firewalling =
If you have a good fw. setup then for instance port scans should not =
able to reach your squid box. Also that in particular is not much =
to fd. usage as squid only listens on one port.
Meaning that resource exhausting attacks on squid would have in any
case be http-'applicated' based.


> curious how these settings help the file descriptor problem,=20
> as they sound
> like they adjust network connection behaviour as opposed to=20
> anything that
> impacts file descriptors. Can anyone shed light on how this=20
> works? Also,
> would there be any reason a service provider with many=20
> diversely screwed-up
> operating systems and corresponding screwed-up browsers would=20
> not want to
> muck with these Squid settings?
> 3. Why is the squid cache so slow when I use diskd? What=20
> guidelines do all
> of you use for large caches (>20GB) in terms of directory=20
> structure, memory
> options, and diskd/no diskd, ufs/no ufs?

Well, read the FAQ part on diskd. Diskd often
requires OS related tuning.


> Thanks,
> Paul