Squid stop without reason

In the custom template we created config overrides (duplicate entries but the latter with different/desired value). You can add other config parameters you want to tweak. Note order matters for some squid parameteres.

It seems that it works for now, I will keep you updated, what I have been able to verify is that it eats more cpu, within the expected if we expand the processes to manage the requests

Hola Fernando. How is it working so far?
I ask because thereā€™s another user with the same problem and was wondering if you could give any additional advice:

Good morning @dnutan,

Since I have modified the configuration file we have gone from 460 concurrent users without problems of cuts (before it did not exceed 250) at the moment quite well, when I have the whole company passed through the new proxy I confirm the total number of users and more data of interest if you are interested.

Greetings!

1 Like

Good morning. Thanks for the feedback!

imagen

With spikes of more than 130 requests I also stopped the squid and now it holds up well, I keep commenting ā€¦

@dnutan

imagen

488 users without problem

imagen

imagen

583

Good! By the number of user thatā€™s quite a network.

imagen

And up!

@dnutan

When it has reached 620 users the squid has stopped, I just raised the auth_param negotiate children to 35, and it seems to hold on, I am telling you!

1 Like

imagen

uth_param negotiate 40

Technically I am only varying the number of ā€œnegotiate childrenā€ from 20 to 40 and then I have put 50 but if the number of requests that the Squid can handle is ā€œnegotiate childrenā€ * x that other parameter is auth_param basic children? If so, can you also upload the auth_param basic children or not? I try to understand clearly how that works in Squid.

Thanks greetings!

auth_param negotiate children 50
auth_param basic children 5

Total=250

auth_param negotiate children 50
auth_param basic children 6

Total=300?

What I understand from the documentation. they are different unrelated authentication methods, with no correlation.

Authentication method depends on support by the User-agent. with you current config, first will try with negotiate, if not supported by the user-agent it will use basic authentication.

Iā€™ve seen config examples using 1000 negotiate children just in case they donā€™t fall short, but I wouldnā€™t use such high number of childrens without checking resource usage. I guess not all clients will authenticate at the same time.

Proxy Authentication | Squid Web Cache wiki
Authentication is actually performed outside of main Squid process. When Squid starts, it spawns a number of authentication subprocesses. These processes read user credentials on stdin, and reply with ā€œOKā€ or ā€œERRā€ on stdout. This technique allows you to use a number of different authentication protocols (named ā€œschemesā€ in this context). When multiple authentication schemes are offered by the server (Squid in this case), it is up to the User-Agent to choose one and authenticate using it. By RFC it should choose the safest one it can handle; in practice usually Microsoft Internet Explorer chooses the first one itā€™s been offered that it can handle, and Mozilla browsers are bug-compatible with the Microsoft system in this field.