Re: [squid-users] squid and long URLs

On Mon, 13 Dec 2004, Daniel Graupner wrote:

>> See Squid FAQ on how to use Squid inside a firewall.
>
> I did, but in my testing environment there is no firewall at all. Between
> cache, peer and hosts is no firewall. Please give me more hints.

So your Squid which reported "Network unreachable" should be able to reach
www.ibm.com without using any peer?

Then this error indicates you have a basic network problem of some kind
which prevents this Squid server from reaching the Internet proper. Quite
likely missing routing.

> I read in the handbook that squid only goes direct when the peer is assumed
> to be down. This should not happen with "default no-query" in the cache peer
> directive.

This is ONE case where Squid goes direct, the other is when using peers
does not make sense in terms of hit ratio, and then there is also some
other cases.

And even with the above options Squid is fully capable of determining that
the peer is down, if it is..

If your Squid is inside a firewall and not permitted to go direct you MUST
tell this to Squid as per the instructions in the Squid FAQ.

> Please be more specific. I have no idea why questionmarks should be a
> problem, other proxies don't care about it. The client sends the complete URL
> to the cache and squid drops something...that behaviour is not clear to me.

Squid does not drop anything.

Squid goes direct on URLs with ? in then as it is instructed these URLs is
not cacheable in the squid.conf shipped with Squid. See the no_cache
directive, but note that it is more or less REQUIRED by the HTTP RFC to
handle such URLs as uncacheable.

Squid does not log the query terms for security reasons, but it is only in
the log where these are "missing". If you really want the query terms
logged then see squid.conf.

As already said in this thread Squid bypasses peers on a number of
different classes of requests unless told that it is inside a firewall
where going direct is not an option. This to optimize the performance and
hit ratio of a cache mesh.

What differs Squid from many other proxies is that just giving Squid a
parent does not force Squid to always use the parent, it just tells Squid
that there is a parent proxy which Squid MAY use if Squid feels it is a
good idea.

If your Squid is not permitted to go direct then this must also be told,
if not it assumes it is permitted to go direct when this would be
"optimal" (in Squids opinion).

Regards
Henrik
Received on Mon Dec 13 2004 - 02:46:16 MST