Добрый день! Проблема такая, Centos 6.6 2.6.32-504.el6.x86_64 squid 3.5.13. Пользователей около 300. Периодически загружается cpu процессом сквида на 100%. Для начала отключил авторизацию kerb и ntlm, но проблема сохраняется. Конфиг
shutdown_lifetime 1 seconds
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
pid_filename /var/run/squid.pid
#auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/negotiate_kerberos_auth -r -s GSS_C_NO_NAME
#auth_param negotiate children 60
#auth_param negotiate keep_alive on
acl SSL_ports port 443 4443 8443 80
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21
acl Safe_ports port 60000-61000
acl Safe_ports port 4443
acl Safe_ports port 8443
acl Safe_ports port 8080
acl Safe_ports port 8200
acl Safe_ports port 8888
acl Safe_ports port 9086
acl Safe_ports port 9704
acl Safe_ports port 19000
acl Safe_ports port 1935
acl CONNECT method CONNECT
acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype
acl _test_lan src 10.0.0.0/16
acl _test_vip_ip src "/etc/squid/acl_vip_ip"
acl _test_it_lan src 10.0.2.6 10.0.2.24 10.0.2.19 # WSUS
acl _test_domain srcdomain .test.ru
acl _good_browser browser (Firefox)|(MSIE.*[)]$)|(Opera)|(Chrome)|(rv:11.0)
acl _numeric_ips urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl _good_site dstdomain "/etc/squid/acl_good_site"
acl _google_com dstdomain .google.com .blogger.com .blogspot.com
acl _social_networks dstdomain .vkontakte.ru .vk.com .facebook.com .twitter.com .livejournal.ru .livejournal.com .lj.ru
acl _mail_ru dstdomain .mail.ru
acl _special_HR_dep dstdomain .mail.ru .yandex.ru .rambler.ru .linkedin.com .facebook.com
acl _no_auth_domain dstdomain "/etc/squid/acl_no_auth_domain"
acl _file_exch dstdom_regex "/etc/squid/acl_file_exch"
acl _bad_site dstdom_regex "/etc/squid/acl_bad_site"
acl ssl_none_site dstdomain "/etc/squid/acl_ssl_none_site"
http_access allow manager localhost
http_access allow localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow _no_auth_domain
http_access allow _test_it_lan
http_access allow _test_vip_ip
#http_access allow _Inet_VIP _test
http_access allow _good_site
http_access deny _file_exch
http_access deny _bad_site
http_access deny !_good_browser
#http_access allow _Inet_Standart _test
http_access allow CONNECT all numeric_IPS Skype_UA
#http_access allow _test
http_access allow localhost
http_access allow all
http_access allow CONNECT all numeric_IPS Skype_UA
icp_access allow all
#acl auth proxy_auth REQUIRED
http_port 3128
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache deny all
forwarded_for off
max_filedesc 4096