In the custom template we created config overrides (duplicate entries but the latter with different/desired value). You can add other config parameters you want to tweak. Note order matters for some squid parameteres.
It seems that it works for now, I will keep you updated, what I have been able to verify is that it eats more cpu, within the expected if we expand the processes to manage the requests
Hola Fernando. How is it working so far?
I ask because thereās another user with the same problem and was wondering if you could give any additional advice:
Good morning @dnutan,
Since I have modified the configuration file we have gone from 460 concurrent users without problems of cuts (before it did not exceed 250) at the moment quite well, when I have the whole company passed through the new proxy I confirm the total number of users and more data of interest if you are interested.
Greetings!
Good morning. Thanks for the feedback!
With spikes of more than 130 requests I also stopped the squid and now it holds up well, I keep commenting ā¦
488 users without problem
583
Good! By the number of user thatās quite a network.
And up!
When it has reached 620 users the squid has stopped, I just raised the auth_param negotiate children to 35, and it seems to hold on, I am telling you!
uth_param negotiate 40
Technically I am only varying the number of ānegotiate childrenā from 20 to 40 and then I have put 50 but if the number of requests that the Squid can handle is ānegotiate childrenā * x that other parameter is auth_param basic children? If so, can you also upload the auth_param basic children or not? I try to understand clearly how that works in Squid.
Thanks greetings!
auth_param negotiate children 50
auth_param basic children 5
Total=250
auth_param negotiate children 50
auth_param basic children 6
Total=300?
What I understand from the documentation. they are different unrelated authentication methods, with no correlation.
Authentication method depends on support by the User-agent. with you current config, first will try with negotiate, if not supported by the user-agent it will use basic authentication.
Iāve seen config examples using 1000 negotiate children just in case they donāt fall short, but I wouldnāt use such high number of childrens without checking resource usage. I guess not all clients will authenticate at the same time.
Proxy Authentication | Squid Web Cache wiki
Authentication is actually performed outside of main Squid process. When Squid starts, it spawns a number of authentication subprocesses. These processes read user credentials on stdin, and reply with āOKā or āERRā on stdout. This technique allows you to use a number of different authentication protocols (named āschemesā in this context). When multiple authentication schemes are offered by the server (Squid in this case), it is up to the User-Agent to choose one and authenticate using it. By RFC it should choose the safest one it can handle; in practice usually Microsoft Internet Explorer chooses the first one itās been offered that it can handle, and Mozilla browsers are bug-compatible with the Microsoft system in this field.