[squid-users] Re: cache deny, but still getting tcp hits from Isaac Witmer on 2010-02-04 (squid-users)

From: Isaac Witmer <isaaclw_at_gmail.com>
Date: Thu, 04 Feb 2010 14:14:57 +0300

Sorry, I did a bad job of explaining.
I had SquidGuard as a url_rewrite_program redirecting all Ubuntu
Repository links to 10.42.43.1:9999, (the local net IP).
So Apt-proxy (working off this port) was doing the caching, and squid
shouldn't be. (in the case of a corrupt file getting cached, it would
only be in one place, instead of both)

After looking in the cache.log file with debug_options All,3
2010/02/04 13:51:28.288| ACLChecklist::preCheck: 0x85f8fb0 checking
'cache deny ubuntu_repo'
2010/02/04 13:51:28.288| ACLList::matches: checking ubuntu_repo
2010/02/04 13:51:28.288| ACL::checklistMatches: checking 'ubuntu_repo'
2010/02/04 13:51:28.289| aclMatchDomainList: checking '10.42.43.1'
2010/02/04 13:51:28.289| aclMatchDomainList: '10.42.43.1' NOT found

It turns out that I needed one extra 'cache deny' rule in this case. I
don't understand it entirely but it seems adding a cache deny rule for
"localnet" (which was already defined for my local area network) also
helped to blacklist the 10.42.43.1 ip address.

-Isaac

On 02/02/2010 01:43 PM, Isaac Witmer wrote:
> I'm trying to run squid alongside apt-proxy. To keep things cleaner, I'm
> trying to keep squid from caching apt-proxy requests, or basic Ubuntu
> repositories.
>
> I added this code to my squid.conf file:
> acl ubuntu_repo dstdomain archive.ubuntu.com archive.canonical.com
> security.ubuntu.com ke.archive.ubuntu.com
> cache deny ubuntu_repo
>
>
> but I'm still getting TCP hits on those domains:
> root_at_kimende-s:~# tail -F /var/log/squid/access.log | grep "TCP_HIT"
> 1265098628.591 26 10.42.43.13 TCP_HIT/200 93875 GET
> http://ke.archive.ubuntu.com/ubuntu/pool/main/g/grub2/grub-common_1.96+20080724-12ubuntu2_i386.deb
> - NONE/- application/dpkg
> 1265098628.600 8 10.42.43.13 TCP_HIT/200 16494 GET
> http://ke.archive.ubuntu.com/ubuntu/pool/main/g/grub/grub_0.97-29ubuntu53_i386.deb
> - NONE/- application/dpkg
> 1265098628.665 63 10.42.43.13 TCP_HIT/200 404514 GET
> http://ke.archive.ubuntu.com/ubuntu/pool/main/g/grub/grub_0.97-29ubuntu53_i386.deb
> - NONE/- application/dpkg
> 1265098750.278 392 10.42.43.11 TCP_HIT/206 315 GET
> http://security.ubuntu.com/ubuntu/dists/jaunty-security/main/source/Sources.bz2
> - NONE/- text/plain
> 1265098750.278 394 10.42.43.11 TCP_HIT/206 315 GET
> http://security.ubuntu.com/ubuntu/dists/jaunty-security/main/source/Sources.bz2
> - NONE/- text/plain
> 1265098750.279 1 10.42.43.11 TCP_HIT/206 0 GET
> http://security.ubuntu.com/ubuntu/dists/jaunty-security/restricted/source/Sources.bz2
> - NONE/- text/plain
>
>
> Is this normal? It seems like it's still caching....
> Attached is my squid.conf file.
>
>
Received on Thu Feb 04 2010 - 10:54:04 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 05 2010 - 12:00:04 MST