i lose the actual config?
With the filename change? No, it’s the same. You can keep it as is (no change), or just rename 21_acl_10_auth_custom to 20_acl_10_auth_custom and execute expand-template /etc/squid/squid.conf
Final result will be practically the same.
I understand that I have to eliminate duplicate lines that don’t interest me, right?
In the custom template we created config overrides (duplicate entries but the latter with different/desired value). You can add other config parameters you want to tweak. Note order matters for some squid parameteres.
It seems that it works for now, I will keep you updated, what I have been able to verify is that it eats more cpu, within the expected if we expand the processes to manage the requests
Hola Fernando. How is it working so far?
I ask because there’s another user with the same problem and was wondering if you could give any additional advice:
Good morning @dnutan,
Since I have modified the configuration file we have gone from 460 concurrent users without problems of cuts (before it did not exceed 250) at the moment quite well, when I have the whole company passed through the new proxy I confirm the total number of users and more data of interest if you are interested.
Greetings!
1 Like
Good morning. Thanks for the feedback!
With spikes of more than 130 requests I also stopped the squid and now it holds up well, I keep commenting …
583
Good! By the number of user that’s quite a network.
And up!
When it has reached 620 users the squid has stopped, I just raised the auth_param negotiate children to 35, and it seems to hold on, I am telling you!
1 Like
uth_param negotiate 40
Technically I am only varying the number of “negotiate children” from 20 to 40 and then I have put 50 but if the number of requests that the Squid can handle is “negotiate children” * x that other parameter is auth_param basic children? If so, can you also upload the auth_param basic children or not? I try to understand clearly how that works in Squid.
Thanks greetings!
auth_param negotiate children 50
auth_param basic children 5
Total=250
auth_param negotiate children 50
auth_param basic children 6
Total=300?
What I understand from the documentation. they are different unrelated authentication methods, with no correlation.
Authentication method depends on support by the User-agent. with you current config, first will try with negotiate, if not supported by the user-agent it will use basic authentication.
I’ve seen config examples using 1000 negotiate children just in case they don’t fall short, but I wouldn’t use such high number of childrens without checking resource usage. I guess not all clients will authenticate at the same time.
Proxy Authentication | Squid Web Cache wiki
Authentication is actually performed outside of main Squid process. When Squid starts, it spawns a number of authentication subprocesses. These processes read user credentials on stdin, and reply with “OK” or “ERR” on stdout. This technique allows you to use a number of different authentication protocols (named “schemes” in this context). When multiple authentication schemes are offered by the server (Squid in this case), it is up to the User-Agent to choose one and authenticate using it. By RFC it should choose the safest one it can handle; in practice usually Microsoft Internet Explorer chooses the first one it’s been offered that it can handle, and Mozilla browsers are bug-compatible with the Microsoft system in this field.
