Re: [squid-users] Web mail attachments page cannot display

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 12 Jun 2009 19:21:42 +1200

web wrote:
> You assume wrong. "no_cache" directive is an obsolete spelling of
> "cache" directive.
>
> - How do I choose to not have sites come from the cache? i.e. retrieve from the site every time?
>

http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers

Amos

> ________________________________________
> From: Amos Jeffries [squid3_at_treenet.co.nz]
> Sent: Friday, 12 June 2009 11:48 AM
> To: web
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Web mail attachments page cannot display
>
> web wrote:
>> Hi, I have 500 squidnt 2.7 stable 5 appliances out at distributed
>> offices. It is being reported to me that when connected to the local
>> caching appliance, intermittently they are getting page cannot
>> display messages when using webmail and adding attachments. If they
>> point to the upstream (parent) cache, they are not experiencing the
>> problem. What I have tried, is to put the URL for the webmail in the
>> nocache.conf file, so it doesn't cache this information, therefore I
>> would assume that its going direct (much the same way as if they
>> pointed their caching appliance to upstream server).
>
> You assume wrong. "no_cache" directive is an obsolete spelling of
> "cache" directive.
>
> The only way to make requests go directly to an outside server without
> involving Squid is to do it at the browser (explicit settings or
> WPAD/PAC file) or the fireawall (interception bypass rules).
>
> Once the request reaches Squid its too late to not handle.
>
> > The upstream
>> (core) squid appliance is managed outside our company, so we dont
>> have anything to do with it, but it shouldn't matter either as it
>> works pointing directly to it. Does anyone have any suggestions to
>> what I could try or what I am doing wrong? I have pasted the local
>> caching appliance config to help with identifying the problem.
>> Thanks in advance.
>>
>
> 'always_direct' is the directive to make Squid use a direct link to the
> outside server instead of one of the cache_peer links.
>
> I'd try setting:
> always_direct allow nocache
>
> Which will cut the proxy hierarchy to one layer and improve the chances
> of a successful request.
> I've seen this type of thing with a slow link and large uploaded file
> (order of MB such as MS office generated files).
>
> Amos
>
>
> > http_port 8080
> > cache_peer proxy.xxxxxxxx parent 8080 3130 no-query default login=PASS
> > hierarchy_stoplist cgi-bin ?
> > acl QUERY urlpath_regex cgi-bin \?
> > no_cache deny QUERY
>
> change that to "cache deny"
>
> > cache_mem 32 MB
> > maximum_object_size 30720 KB
> > cache_dir aufs d:/squid/var/cache 60000 16 256
>
> 60GB of storage with a 30MB absolute cap on object size...
>
> cap of 32MB worth of objects stored in RAM-cache at any point.
>
> > auth_param digest children 5
> > auth_param digest realm Squid proxy-caching web server
> > auth_param digest nonce_garbage_interval 5 minutes
> > auth_param digest nonce_max_duration 30 minutes
> > auth_param digest nonce_max_count 50
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> > auth_param basic casesensitive off
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern . 0 20% 4320
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl to_localhost dst 127.0.0.0/8
> > acl SSL_ports port 443 563
> > acl Safe_ports port 80 # http
> > acl Safe_ports port 21 # ftp
> > acl Safe_ports port 443 563 # https, snews
> > acl Safe_ports port 70 # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535 # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > acl CONNECT method CONNECT
> > acl snmppublic snmp_community xxxxxxxxxx
> > acl snmpprivate snmp_community xxxxxxxxxx
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > acl block url_regex -i "d:/squid/var/logs/block.conf"
> > acl unblock url_regex -i "d:/squid/var/logs/unblock.conf"
> > acl nocache url_regex -i "d:/squid/var/logs/nocache.conf"
> > no_cache deny nocache
> > http_access deny block !unblock
>
> Two regex ACL in a row. See how much of that you can alter into
> dstdomain or such. It's much faster.
>
> Best configuration for regex is where a fast ACL like dstdomain is
> tested first to short-circuit the regex from being needed on as much
> traffic as possible.
>
> > http_access allow all
>
> Eeek! mostly-open proxy. Better define some security on that right quick.
>
> Start with an ACL defining what the local client networks are.
>
> If you intended this as an accelerator then please use the recommended
> accelerator configs to secure your destinations.
> http://wiki.squid-cache.org/ConfigExamples
>
> > http_access deny all
> > http_reply_access allow all
> > icp_access allow all
> > cache_mgr webmaster
> > visible_hostname SquidNT.proxy.local
> > always_direct deny all
> > never_direct allow all
> > snmp_port 3401
> > snmp_access allow snmppublic
> > snmp_access allow snmpprivate
> > snmp_access deny all
> > snmp_incoming_address 0.0.0.0
> > snmp_outgoing_address 255.255.255.255
> > coredump_dir d:/squid/var/cache
> > access_log d:/squid/var/logs/access.log squid
> > cache_log d:/squid/var/logs/cache.log
> > mime_table d:/squid/var/logs/mime.conf
> > cache_store_log d:/squid/var/logs/store.log
>
> well, you can set that to "none" the store log is mostly a deep debug
> info log.
>
> > redirect_program c:/Perl/bin/perl.exe d:/squid/var/logs/redirector.pl
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
> Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Received on Fri Jun 12 2009 - 07:21:55 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 12 2009 - 12:00:03 MDT