Здравствуйте!
Медленно грузятся страницы при авторизации kerberos.
CentOS Linux 7
Squid Cache: Version 4.0.23
В access.log такая ситуация:
1521212235.869 986 192.168.0.49 TCP_TUNNEL/200 587 CONNECT segodnya.ua:443 user@AD.***.***.** HIER_DIRECT/91.238.193.16 -
1521212235.871 0 192.168.0.49 TCP_DENIED/407 4141 CONNECT c.lentainform.com:443 - HIER_NONE/- text/html
1521212235.972 1351 192.168.0.49 TCP_TUNNEL/200 3327 CONNECT counter.yadro.ru:443 user@AD.***.***.** HIER_DIRECT/88.212.196.105 -
1521212235.974 0 192.168.0.49 TCP_DENIED/407 4113 CONNECT utarget.ru:443 - HIER_NONE/- text/html
1521212235.995 1122 192.168.0.49 TCP_TUNNEL/200 6424 CONNECT xk1o.amgload.net:443 user@AD.***.***.** HIER_DIRECT/185.187.81.38 -
1521212236.071 10 192.168.0.49 TCP_DENIED/407 4125 CONNECT loadercdn.com:443 - HIER_NONE/- text/html
1521212236.071 3576 192.168.0.49 TCP_TUNNEL/200 6585 CONNECT inv-nets.admixer.net:443 user@AD.***.***.** HIER_DIRECT/146.0.227.110 -
1521212236.072 0 192.168.0.49 TCP_DENIED/407 4165 CONNECT n7-r1d2.piguiqproxy.com:443 - HIER_NONE/- text/html
1521212236.081 1202 192.168.0.49 TCP_TUNNEL/200 6447 CONNECT kz9c.piguiqproxy.com:443 user@AD.***.***.** HIER_DIRECT/185.187.81.35 -
1521212236.431 0 192.168.0.49 TCP_DENIED/407 4165 CONNECT n9-r1d2.piguiqproxy.com:443 - HIER_NONE/- text/html
1521212236.670 398190 192.168.0.49 TCP_TUNNEL/200 24519 CONNECT mc.yandex.ru:443 user@AD.***.***.** HIER_DIRECT/213.180.193.119 -
1521212236.672 0 192.168.0.49 TCP_DENIED/407 4141 CONNECT c.novostimira.biz:443 - HIER_NONE/- text/html
1521212236.723 3511 192.168.0.49 TCP_TUNNEL/200 7708 CONNECT n4p-ru.redtram.com:443 user@AD.***.***.** HIER_DIRECT/62.244.25.75 -
1521212236.725 0 192.168.0.49 TCP_DENIED/407 4141 CONNECT c.novostimira.biz:443 - HIER_NONE/- text/html
Часть конфига:
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -s HTTP/sq.****.**
auth_param negotiate children 200 startup=5 idle=1
auth_param negotiate keep_alive on
external_acl_type InetFull ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g InetFull -D AD.***.***.**
acl auth proxy_auth REQUIRED
http_port 3128
https_port 3129 intercept ssl-bump cert=/etc/squid/squidCA.pem
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 16MB
sslcrtd_children 16 startup=1 idle=1
ssl_bump splice all
Пробовал увеличить количество auth_param negotiate children и sslcrtd_children - лучше не стало.